Bsdi » Bsd Os » 2.1 : Security Vulnerabilities, CVEs,

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Local users can start Sendmail in daemon mode and gain root privileges.

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Buffer overflow of rlogin program using TERM environmental variable.

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Buffer overflow in xlock program allows local users to execute commands as root.

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

DNS cache poisoning via BIND, by predictable query IDs.

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.