Vulnerabilites related to caldera - openlinux_server
cve-2001-1030
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/197727 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6862 | vdb-entry, x_refsource_XF | |
| http://www.redhat.com/support/errata/RHSA-2001-097.html | vendor-advisory, x_refsource_REDHAT | |
| http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01 | vendor-advisory, x_refsource_IMMUNIX | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:06.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20010718 Squid httpd acceleration acl bug enables portscanning", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/197727", }, { name: "squid-http-accelerator-portscanning(6862)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { name: "RHSA-2001:097", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { name: "IMNX-2001-70-031-01", tags: [ "vendor-advisory", "x_refsource_IMMUNIX", "x_transferred", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { name: "MDKSA-2001:066", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { name: "CSSA-2001-029.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { name: "20010719 TSLSA-2001-0013 - Squid", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-07-18T00:00:00", descriptions: [ { lang: "en", value: "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-02-06T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20010718 Squid httpd acceleration acl bug enables portscanning", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/197727", }, { name: "squid-http-accelerator-portscanning(6862)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { name: "RHSA-2001:097", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { name: "IMNX-2001-70-031-01", tags: [ "vendor-advisory", "x_refsource_IMMUNIX", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { name: "MDKSA-2001:066", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { name: "CSSA-2001-029.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { name: "20010719 TSLSA-2001-0013 - Squid", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1030", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20010718 Squid httpd acceleration acl bug enables portscanning", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/197727", }, { name: "squid-http-accelerator-portscanning(6862)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { name: "RHSA-2001:097", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { name: "IMNX-2001-70-031-01", refsource: "IMMUNIX", url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { name: "MDKSA-2001:066", refsource: "MANDRAKE", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { name: "CSSA-2001-029.0", refsource: "CALDERA", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { name: "20010719 TSLSA-2001-0013 - Squid", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1030", datePublished: "2002-06-25T04:00:00", dateReserved: "2002-01-31T00:00:00", dateUpdated: "2024-08-08T04:44:06.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-0980
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6854 | vdb-entry, x_refsource_XF | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.securityfocus.com/bid/3052 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:37:07.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "docview-httpd-command-execution(6854)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6854", }, { name: "CSSA-2001-026.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt", }, { name: "3052", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3052", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-07-17T00:00:00", descriptions: [ { lang: "en", value: "docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-02-06T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "docview-httpd-command-execution(6854)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6854", }, { name: "CSSA-2001-026.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt", }, { name: "3052", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3052", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-0980", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "docview-httpd-command-execution(6854)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6854", }, { name: "CSSA-2001-026.0", refsource: "CALDERA", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt", }, { name: "3052", refsource: "BID", url: "http://www.securityfocus.com/bid/3052", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-0980", datePublished: "2002-03-09T05:00:00", dateReserved: "2002-01-31T00:00:00", dateUpdated: "2024-08-08T04:37:07.022Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-0851
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7461 | vdb-entry, x_refsource_XF | |
| http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html | vendor-advisory, x_refsource_SUSE | |
| http://www.redhat.com/support/errata/RHSA-2001-142.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linuxsecurity.com/advisories/other_advisory-1683.html | vendor-advisory, x_refsource_ENGARDE | |
| http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432 | vendor-advisory, x_refsource_CONECTIVA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:37:06.400Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2001:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3", }, { name: "linux-syncookie-bypass-filter(7461)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7461", }, { name: "SuSE-SA:2001:039", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html", }, { name: "RHSA-2001:142", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2001-142.html", }, { name: "ESA-20011106-01", tags: [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred", ], url: "http://www.linuxsecurity.com/advisories/other_advisory-1683.html", }, { name: "CSSA-2001-38.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt", }, { name: "CLA-2001:432", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-11-02T00:00:00", descriptions: [ { lang: "en", value: "Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-02-26T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDKSA-2001:082", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3", }, { name: "linux-syncookie-bypass-filter(7461)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7461", }, { name: "SuSE-SA:2001:039", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html", }, { name: "RHSA-2001:142", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2001-142.html", }, { name: "ESA-20011106-01", tags: [ "vendor-advisory", "x_refsource_ENGARDE", ], url: "http://www.linuxsecurity.com/advisories/other_advisory-1683.html", }, { name: "CSSA-2001-38.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt", }, { name: "CLA-2001:432", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-0851", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDKSA-2001:082", refsource: "MANDRAKE", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3", }, { name: "linux-syncookie-bypass-filter(7461)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7461", }, { name: "SuSE-SA:2001:039", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html", }, { name: "RHSA-2001:142", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2001-142.html", }, { name: "ESA-20011106-01", refsource: "ENGARDE", url: "http://www.linuxsecurity.com/advisories/other_advisory-1683.html", }, { name: "CSSA-2001-38.0", refsource: "CALDERA", url: "http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt", }, { name: "CLA-2001:432", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-0851", datePublished: "2002-03-09T05:00:00", dateReserved: "2001-11-22T00:00:00", dateUpdated: "2024-08-08T04:37:06.400Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0658
Vulnerability from cvelistv5
Published
2003-09-03 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T01:58:11.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-08-26T00:00:00", descriptions: [ { lang: "en", value: "Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-17T08:23:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0658", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0658", datePublished: "2003-09-03T04:00:00", dateReserved: "2003-08-06T00:00:00", dateUpdated: "2024-08-08T01:58:11.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0512
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:49
Severity ?
EPSS score ?
Summary
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/8737.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4400 | vdb-entry, x_refsource_BID | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt | vendor-advisory, x_refsource_CALDERA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:49:28.632Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "kde-startkde-search-directory(8737)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/8737.php", }, { name: "4400", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4400", }, { name: "CSSA-2002-005.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-03-29T00:00:00", descriptions: [ { lang: "en", value: "startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-08-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "kde-startkde-search-directory(8737)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/8737.php", }, { name: "4400", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4400", }, { name: "CSSA-2002-005.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0512", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "kde-startkde-search-directory(8737)", refsource: "XF", url: "http://www.iss.net/security_center/static/8737.php", }, { name: "4400", refsource: "BID", url: "http://www.securityfocus.com/bid/4400", }, { name: "CSSA-2002-005.0", refsource: "CALDERA", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0512", datePublished: "2003-04-02T05:00:00", dateReserved: "2002-06-07T00:00:00", dateUpdated: "2024-08-08T02:49:28.632Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0004
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7909 | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/advisories/3969 | vendor-advisory, x_refsource_HP | |
| http://www.debian.org/security/2002/dsa-102 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.redhat.com/support/errata/RHSA-2002-015.html | vendor-advisory, x_refsource_REDHAT | |
| http://online.securityfocus.com/advisories/3833 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=101128661602088&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3886 | vdb-entry, x_refsource_BID | |
| http://www.novell.com/linux/security/advisories/2002_003_at_txt.html | vendor-advisory, x_refsource_SUSE | |
| http://marc.info/?l=bugtraq&m=101147632721031&w=2 | vendor-advisory, x_refsource_MANDRAKE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:35:17.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "linux-at-exetime-heap-corruption(7909)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909", }, { name: "HPSBTL0302-034", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://online.securityfocus.com/advisories/3969", }, { name: "DSA-102", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2002/dsa-102", }, { name: "RHSA-2002:015", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-015.html", }, { name: "HPSBTL0201-021", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://online.securityfocus.com/advisories/3833", }, { name: "20020117 '/usr/bin/at 31337 + vuln' problem + exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=101128661602088&w=2", }, { name: "3886", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3886", }, { name: "SuSE-SA:2002:003", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html", }, { name: "MDKSA-2002:007", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=101147632721031&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-01-17T00:00:00", descriptions: [ { lang: "en", value: "Heap corruption vulnerability in the \"at\" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-06-16T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "linux-at-exetime-heap-corruption(7909)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909", }, { name: "HPSBTL0302-034", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://online.securityfocus.com/advisories/3969", }, { name: "DSA-102", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2002/dsa-102", }, { name: "RHSA-2002:015", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-015.html", }, { name: "HPSBTL0201-021", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://online.securityfocus.com/advisories/3833", }, { name: "20020117 '/usr/bin/at 31337 + vuln' problem + exploit", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=101128661602088&w=2", }, { name: "3886", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3886", }, { name: "SuSE-SA:2002:003", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html", }, { name: "MDKSA-2002:007", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://marc.info/?l=bugtraq&m=101147632721031&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0004", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap corruption vulnerability in the \"at\" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "linux-at-exetime-heap-corruption(7909)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909", }, { name: "HPSBTL0302-034", refsource: "HP", url: "http://online.securityfocus.com/advisories/3969", }, { name: "DSA-102", refsource: "DEBIAN", url: "http://www.debian.org/security/2002/dsa-102", }, { name: "RHSA-2002:015", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-015.html", }, { name: "HPSBTL0201-021", refsource: "HP", url: "http://online.securityfocus.com/advisories/3833", }, { name: "20020117 '/usr/bin/at 31337 + vuln' problem + exploit", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=101128661602088&w=2", }, { name: "3886", refsource: "BID", url: "http://www.securityfocus.com/bid/3886", }, { name: "SuSE-SA:2002:003", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html", }, { name: "MDKSA-2002:007", refsource: "MANDRAKE", url: "http://marc.info/?l=bugtraq&m=101147632721031&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0004", datePublished: "2002-06-25T04:00:00", dateReserved: "2002-01-02T00:00:00", dateUpdated: "2024-08-08T02:35:17.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0164
Vulnerability from cvelistv5
Published
2002-04-05 05:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:42:27.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "CLSA-2002:529", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529", }, { name: "228529", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1", }, { name: "20021001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P", }, { name: "20021024 GLSA: xfree", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=103547625009363&w=2", }, { name: "xfree86-mitshm-memory-access(8706)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/8706", }, { name: "4396", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4396", }, { name: "DSA-380", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2003/dsa-380", }, { name: "CSSA-2002-SCO.14", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt", }, { name: "RHSA-2003:067", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-067.html", }, { name: "CSSA-2002-009.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html", }, { name: "1017429", tags: [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-03-29T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "CLSA-2002:529", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529", }, { name: "228529", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1", }, { name: "20021001-01-P", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P", }, { name: "20021024 GLSA: xfree", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=103547625009363&w=2", }, { name: "xfree86-mitshm-memory-access(8706)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/8706", }, { name: "4396", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4396", }, { name: "DSA-380", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2003/dsa-380", }, { name: "CSSA-2002-SCO.14", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt", }, { name: "RHSA-2003:067", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-067.html", }, { name: "CSSA-2002-009.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html", }, { name: "1017429", tags: [ "vendor-advisory", "x_refsource_SUNALERT", ], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0164", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "CLSA-2002:529", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529", }, { name: "228529", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1", }, { name: "20021001-01-P", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P", }, { name: "20021024 GLSA: xfree", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=103547625009363&w=2", }, { name: "xfree86-mitshm-memory-access(8706)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/8706", }, { name: "4396", refsource: "BID", url: "http://www.securityfocus.com/bid/4396", }, { name: "DSA-380", refsource: "DEBIAN", url: "http://www.debian.org/security/2003/dsa-380", }, { name: "CSSA-2002-SCO.14", refsource: "CALDERA", url: "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt", }, { name: "RHSA-2003:067", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-067.html", }, { name: "CSSA-2002-009.0", refsource: "CALDERA", url: "http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html", }, { name: "1017429", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0164", datePublished: "2002-04-05T05:00:00", dateReserved: "2002-04-02T00:00:00", dateUpdated: "2024-08-08T02:42:27.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0835
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5596 | vdb-entry, x_refsource_BID | |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.iss.net/security_center/static/10003.php | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/advisories/4449 | vendor-advisory, x_refsource_HP | |
| http://www.redhat.com/support/errata/RHSA-2002-162.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2002-165.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T03:03:49.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "5596", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/5596", }, { name: "CSSA-2002-044.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt", }, { name: "pxe-dhcp-dos(10003)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/10003.php", }, { name: "HPSBTL0209-066", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://online.securityfocus.com/advisories/4449", }, { name: "RHSA-2002:162", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-162.html", }, { name: "RHSA-2002:165", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-165.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-08-30T00:00:00", descriptions: [ { lang: "en", value: "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-11-14T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "5596", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/5596", }, { name: "CSSA-2002-044.0", tags: [ "vendor-advisory", "x_refsource_CALDERA", ], url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt", }, { name: "pxe-dhcp-dos(10003)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/10003.php", }, { name: "HPSBTL0209-066", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://online.securityfocus.com/advisories/4449", }, { name: "RHSA-2002:162", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-162.html", }, { name: "RHSA-2002:165", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-165.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0835", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "5596", refsource: "BID", url: "http://www.securityfocus.com/bid/5596", }, { name: "CSSA-2002-044.0", refsource: "CALDERA", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt", }, { name: "pxe-dhcp-dos(10003)", refsource: "XF", url: "http://www.iss.net/security_center/static/10003.php", }, { name: "HPSBTL0209-066", refsource: "HP", url: "http://online.securityfocus.com/advisories/4449", }, { name: "RHSA-2002:162", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-162.html", }, { name: "RHSA-2002:165", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-165.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0835", datePublished: "2004-09-01T04:00:00", dateReserved: "2002-08-08T00:00:00", dateUpdated: "2024-08-08T03:03:49.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2001-12-06 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1 | |
| caldera | openlinux_workstation | 3.1 | |
| caldera | openlinux | 2.3 | |
| caldera | openlinux_edesktop | 2.4 | |
| caldera | openlinux_eserver | 2.3.1 | |
| linux | linux_kernel | 2.0 | |
| linux | linux_kernel | 2.2.0 | |
| linux | linux_kernel | 2.4.0 | |
| suse | suse_linux | 6.3 | |
| suse | suse_linux | 6.4 | |
| suse | suse_linux | 7.0 | |
| suse | suse_linux | 7.1 | |
| suse | suse_linux | 7.2 | |
| suse | suse_linux | 7.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*", matchCriteriaId: "BB41DE44-C3A1-4CC9-ACA7-4EC171D68910", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:caldera:openlinux:2.3:*:*:*:*:*:*:*", matchCriteriaId: "23B38FCC-2C86-4E84-860B-EBAE0FA123B6", vulnerable: true, }, { criteria: "cpe:2.3:o:caldera:openlinux_edesktop:2.4:*:*:*:*:*:*:*", matchCriteriaId: "B211BCBF-CB17-4D32-B6FE-A34D86C4FBF9", vulnerable: true, }, { criteria: "cpe:2.3:o:caldera:openlinux_eserver:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "D11E0075-50CD-4A16-9A89-56DEF5263BCF", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.0:*:*:*:*:*:*:*", matchCriteriaId: "96A6EE7E-C79C-4B25-AFF0-C6638CB3C99A", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "146F7A77-A950-4CAD-BDA9-C239696F569D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C24A129D-2E5E-436C-95DE-AE75D2E8D092", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*", matchCriteriaId: "0AD0FF64-05DF-48C2-9BB5-FD993121FB2E", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", matchCriteriaId: "7786607A-362E-4817-A17E-C76D6A1F737D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "C9E7D75A-333E-4C63-9593-F64ABA5D1CE3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "819868A7-EB1E-4CA9-8D71-72F194E5EFEB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*", matchCriteriaId: "0519FF7D-363E-4530-9E63-6EA3E88432DC", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "FAE3FF4F-646F-4E05-A08A-C9399DEF60F1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.", }, ], id: "CVE-2001-0851", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-12-06T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt", }, { source: "cve@mitre.org", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.linuxsecurity.com/advisories/other_advisory-1683.html", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2001-142.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.linuxsecurity.com/advisories/other_advisory-1683.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2001-142.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7461", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-02-27 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*", matchCriteriaId: "BB41DE44-C3A1-4CC9-ACA7-4EC171D68910", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:68k:*:*:*:*:*", matchCriteriaId: "E040A866-0D2C-40E1-B1FB-DB600B389E27", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*", matchCriteriaId: "CE1C944A-E5F1-49DE-B069-2A358123B535", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:arm:*:*:*:*:*", matchCriteriaId: "D71083B4-1736-4501-8DE8-BC24AC1447AA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:ia-32:*:*:*:*:*", matchCriteriaId: "E9D468DB-C4AE-4ACB-B3B7-2FAEA90D6A49", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*", matchCriteriaId: "2A32E486-2598-41B3-B6DB-3CC46D239AFC", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*", matchCriteriaId: "AAEE18D8-AA3B-47A3-AA7C-AAFF7591F391", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*", matchCriteriaId: "DF49BF03-C25E-4737-84D5-892895C86C58", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*", matchCriteriaId: "D2019E0E-426B-43AF-8904-1B811AE171E8", vulnerable: true, }, { criteria: "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*", matchCriteriaId: "55C5FC1A-1253-4390-A4FC-573BB14EA937", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "4371A667-18E1-4C54-B2E1-6F885F22F213", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*", matchCriteriaId: "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*", matchCriteriaId: "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62", vulnerable: true, }, { criteria: "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*", matchCriteriaId: "344610A8-DB6D-4407-9304-916C419F648C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*", matchCriteriaId: "B7EC2B95-4715-4EC9-A10A-2542501F8A61", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*", matchCriteriaId: "64775BEF-2E53-43CA-8639-A7E54F6F4222", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*", matchCriteriaId: "FD6576E2-9F26-4857-9F28-F51899F1EF48", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*", matchCriteriaId: "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*", matchCriteriaId: "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*", matchCriteriaId: "C8783A6D-DFD8-45DD-BF03-570B1B012B44", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*", matchCriteriaId: "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*", matchCriteriaId: "6EAAC51F-9DC5-4026-8147-1B74975D6183", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*", matchCriteriaId: "6A1EF00A-52E9-4FD8-98FD-3998225D8655", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*", matchCriteriaId: "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7", vulnerable: true, }, { criteria: "cpe:2.3:o:slackware:slackware_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A9C005-4392-4C95-9B92-98EEC73EFE73", vulnerable: true, }, { criteria: "cpe:2.3:o:slackware:slackware_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "F0297F56-5F41-48FD-AB47-36E3BD2AB7E7", vulnerable: true, }, { criteria: "cpe:2.3:o:slackware:slackware_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "78D76664-F4AC-470A-9686-3F708922A340", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*", matchCriteriaId: "8A206E1C-C2EC-4356-8777-B18D7069A4C3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*", matchCriteriaId: "6E2FE291-1142-4627-A497-C0BB0D934A0B", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*", matchCriteriaId: "49BC7C7E-046C-4186-822E-9F3A2AD3577B", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*", matchCriteriaId: "2FE69F6F-6B17-4C87-ACA4-A2A1FB47206A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*", matchCriteriaId: "467A30EB-CB8F-4928-AC8F-F659084A9E2B", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*", matchCriteriaId: "714C1439-AB8E-4A8B-A783-D60E9DDC38D4", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*", matchCriteriaId: "62CAE5B0-4D46-4A93-A343-C8E9CB574C62", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.1:*:ppc:*:*:*:*:*", matchCriteriaId: "65CB09B5-0DE1-49AE-B87E-3C04EEA3E281", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*", matchCriteriaId: "0944FD27-736E-4B55-8D96-9F2CA9BB9B05", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*", matchCriteriaId: "373BB5AC-1F38-4D0A-97DC-08E9654403EE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*", matchCriteriaId: "B5E71DA3-F4A0-46AF-92A2-E691C7A65528", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*", matchCriteriaId: "1975A2DD-EB22-4ED3-8719-F78AA7F414B2", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*", matchCriteriaId: "19F606EE-530F-4C06-82DB-52035EE03FA3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*", matchCriteriaId: "A0E896D5-0005-4E7E-895D-B202AFCE09A1", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*", matchCriteriaId: "5A8B313F-93C7-4558-9571-DE1111487E17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap corruption vulnerability in the \"at\" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.", }, { lang: "es", value: "Corrupción de memoria en el comando \"at\" permite que usuarios locales ejecuten código arbitrario haciendo uso de un tiempo de ejecución mal escrito (lo que provoca que at libere la misma memoria dos veces).", }, ], id: "CVE-2002-0004", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-02-27T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=101128661602088&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=101147632721031&w=2", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/advisories/3833", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/advisories/3969", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.debian.org/security/2002/dsa-102", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-015.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3886", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=101128661602088&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=101147632721031&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/advisories/3833", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/advisories/3969", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.debian.org/security/2002/dsa-102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", lastModified: "2007-03-14T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1.1 | |
| caldera | openlinux_workstation | 3.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "59A82AD5-A42D-49FF-A9D4-A57C8433A5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C31B1A4A-96AD-4322-8AF3-733D66DBB50E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.", }, { lang: "es", value: "starkde en KDE para Caldera OpenLinux 2.3 a 3.1.1 establece la variable de entorno LD_LIBRARY_PATH incluyendo el directorio actual de trabajo (.) lo que podría permitir a usuarios locales ganar privilegios de otros usuarios locales que ejecuten starkde mediante librerías que sean caballos de troya.", }, ], id: "CVE-2002-0512", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-08-12T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/8737.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/8737.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4400", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-07-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1 | |
| immunix | immunix | 6.2 | |
| immunix | immunix | 7.0 | |
| immunix | immunix | 7.0_beta | |
| mandrakesoft | mandrake_single_network_firewall | 7.2 | |
| squid | squid_web_proxy | 2.3stable3 | |
| squid | squid_web_proxy | 2.3stable4 | |
| mandrakesoft | mandrake_linux | 7.1 | |
| mandrakesoft | mandrake_linux | 7.2 | |
| mandrakesoft | mandrake_linux | 8.0 | |
| mandrakesoft | mandrake_linux_corporate_server | 1.0.1 | |
| redhat | linux | 7.0 | |
| trustix | secure_linux | 1.1 | |
| trustix | secure_linux | 1.01 | |
| trustix | secure_linux | 1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", vulnerable: true, }, { criteria: "cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*", matchCriteriaId: "DB0F79BE-8EBF-44D8-83A1-9331669BED54", vulnerable: true, }, { criteria: "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*", matchCriteriaId: "660CA978-FDA1-4D48-8162-9CB9243A1B7E", vulnerable: true, }, { criteria: "cpe:2.3:a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*", matchCriteriaId: "1A2889C6-8DE0-4432-812A-F2A5C4A08897", vulnerable: true, }, { criteria: "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", matchCriteriaId: "7A188467-3856-4599-A2CD-BD2655974B63", vulnerable: true, }, { criteria: "cpe:2.3:a:squid:squid_web_proxy:2.3stable3:*:*:*:*:*:*:*", matchCriteriaId: "1D5299EE-5CA6-4A9E-9543-BDB0ADF9ED68", vulnerable: true, }, { criteria: "cpe:2.3:a:squid:squid_web_proxy:2.3stable4:*:*:*:*:*:*:*", matchCriteriaId: "69466E6B-CD99-4A6F-87EE-1CC430573509", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "3EC1FF5D-5EAB-44D5-B281-770547C70D68", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", matchCriteriaId: "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "4371A667-18E1-4C54-B2E1-6F885F22F213", vulnerable: true, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "97E09AD9-F057-4264-88BB-A8A18C1B1246", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*", matchCriteriaId: "9D0DFB12-B43F-4207-A900-464A97F5124D", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.01:*:*:*:*:*:*:*", matchCriteriaId: "9406727E-365C-466F-8406-82B393537559", vulnerable: true, }, { criteria: "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*", matchCriteriaId: "13EBB2F7-712E-4CB1-B4B4-5F0851F3D37E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.", }, ], id: "CVE-2001-1030", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-07-18T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { source: "cve@mitre.org", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { source: "cve@mitre.org", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/197727", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2001-097.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/197727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-07-17 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1 | |
| caldera | openlinux_workstation | 3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*", matchCriteriaId: "BB41DE44-C3A1-4CC9-ACA7-4EC171D68910", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.", }, ], id: "CVE-2001-0980", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-07-17T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3052", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6854", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/6854", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1 | |
| caldera | openlinux_server | 3.1.1 | |
| caldera | openlinux_workstation | 3.1 | |
| caldera | openlinux_workstation | 3.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "59A82AD5-A42D-49FF-A9D4-A57C8433A5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*", matchCriteriaId: "BB41DE44-C3A1-4CC9-ACA7-4EC171D68910", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C31B1A4A-96AD-4322-8AF3-733D66DBB50E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.", }, { lang: "es", value: "Vulnerabilidad en la extensión MIT-SHM del servidor X en Linux permite a usuarios locales leer y escribir arbitrariamente memoria compartida, y posiblemente causar una denegación de servicio o ganar privilegios.", }, ], id: "CVE-2002-0164", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-03-15T05:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P", }, { source: "cve@mitre.org", url: "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt", }, { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=103547625009363&w=2", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1", }, { source: "cve@mitre.org", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2003/dsa-380", }, { source: "cve@mitre.org", url: "http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-067.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/4396", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/8706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=103547625009363&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2003/dsa-380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/4396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/8706", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1 | |
| caldera | openlinux_server | 3.1.1 | |
| caldera | openlinux_workstation | 3.1 | |
| caldera | openlinux_workstation | 3.1.1 | |
| redhat | pre-execution_environment | 0.1 | |
| hp | secure_os | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "59A82AD5-A42D-49FF-A9D4-A57C8433A5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*", matchCriteriaId: "BB41DE44-C3A1-4CC9-ACA7-4EC171D68910", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C31B1A4A-96AD-4322-8AF3-733D66DBB50E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:pre-execution_environment:0.1:*:*:*:*:*:*:*", matchCriteriaId: "B2522945-D94F-4F8D-8705-87D15AE3B41D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*", matchCriteriaId: "B345284D-6842-47C0-B823-B5DDC30CC8A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.", }, { lang: "es", value: "El servidor Preboot eXecution Environment (PXE) permite a atacantes remotos causar una denegación de servicio (caída) mediante ciertos paquetes DHCP (Dinamic Host Configuraion Protocol) de teléfonos Voz-sobre-IP (VOIP).", }, ], id: "CVE-2002-0835", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-10-04T04:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt", }, { source: "cve@mitre.org", url: "http://online.securityfocus.com/advisories/4449", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/10003.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-162.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-165.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/5596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://online.securityfocus.com/advisories/4449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/10003.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-162.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2002-165.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/5596", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| caldera | openlinux_server | 3.1.1 | |
| caldera | openlinux_workstation | 3.1.1 | |
| caldera | openserver | 5.0.7 | |
| sco | unixware | 7.1.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "59A82AD5-A42D-49FF-A9D4-A57C8433A5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C31B1A4A-96AD-4322-8AF3-733D66DBB50E", vulnerable: true, }, { criteria: "cpe:2.3:a:caldera:openserver:5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "A9DF541B-46A7-4C9C-93F5-A6872E27259D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*", matchCriteriaId: "67E12F60-B4AF-4EF1-A4AA-5E9F0B8B0690", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.", }, ], id: "CVE-2003-0658", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-10-20T04:00:00.000", references: [ { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }