Trustix: Security Vulnerabilities
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
CVSS Score
1.2
EPSS Score
0.001
Published
2001-03-12
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
CVSS Score
10.0
EPSS Score
0.835
Published
2000-12-19
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
CVSS Score
7.2
EPSS Score
0.001
Published
2000-12-11
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVSS Score
10.0
EPSS Score
0.009
Published
2000-11-14
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
CVSS Score
7.2
EPSS Score
0.001
Published
2000-11-14
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
CVSS Score
4.6
EPSS Score
0.0
Published
2000-10-20
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.346
Published
2000-07-16
Page 7