[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Cluster 06: VEN-others



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- -----Original Message-----
From: Steven M. Christey [mailto:coley@linus.mitre.org]
Sent: Thursday, June 17, 1999 2:11 PM
To: cve-review@linus.mitre.org
Subject: Cluster 06: VEN-others



This cluster has 2 vulnerabilities.

- ------------------------------------------
Candidate: CAN-1999-0358
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: BUGTRAQ:Jan29,1999
Reference: COMPAQ:SSRT0583U

Digital Unix 4.0 has a buffer overflow in the inc program of the mh
package.

Modify:  Ref'd SSRT has an 'at' vulnerable as well supposedly fixed by
the patch.  Shouldn't this be included as a seperate CVE in this
cluster. ref:BugTraq "Digital Unix Buffer Overflows: Exploits" from
Lamont Granquist for both as well.

- ------------------------------------------
Candidate: CAN-1999-0433
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: SUSE:Mar28,1999
Reference: BUGTRAQ:Mar21,1999

XFree86 startx command is vulnerable to a symlink attack, allowing
local
users to create files in restricted directories, possibly allowing
them to gain privileges or cause a denial of service.

Accept

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA/AwUBN3qQ3RIUaHPadf5hEQKsIwCghsEhK1K5DADqO/8j4ioyDiO+mGgAoIpD
1CHkMIMD9JCdpP69rSmrLSVF
=EBBr
-----END PGP SIGNATURE-----

 
Page Last Updated: May 22, 2007