AIX security summary

From: Ciaran.Deignanat_private
Date: Wed Aug 25 1999 - 02:12:37 PDT

    The tool "bull_check" at the URL
    	http://www-frec.bull.com/docs/download.htm#y2k
    has been updated to check if any of these updates need to be installed on
    your AIX-4 system.
    
    
    ---------- Forwarded message ----------
    Date: Thu, 19 Aug 1999 12:39:07 -0500
    From: AIX Service Mail Server <aixservat_private>
    To: Ciaran.Deignanat_private
    Subject: Security_APARs
    
    This is a list of security related APARs for current releases of AIX.
    To facilitate ease of ordering, all security related APARs for each
    release can be ordered using the following packaging APARs.
    
      AIX 4.3:   IY03152	(updated 08/99)
    
      AIX 4.2:   IY03151	(updated 08/99)
    
      AIX 4.1:   IY03150	(updated 08/99)
    
    APARs can be ordered using FixDist.  For additional information on FixDist
    send e-mail with a subject of "FixDist" to aixservat_private, or
    refer to the following URL:
    
      http://service.software.ibm.com/rs6k/fixes.html
    ===========================================================================
    AIX 4.3 APARs
    
    IX72045  CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED
    IX72553  SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING
    IX73077  SECURITY: FTP BOUNCE VULNERABILITY
    IX73214  SECURITY: TELNET DENIAL OF SERVICE ATTACK
    IX73438  SECURITY: VULNERABILITY IN DTAPPGATHER
    IX73586  SECURITY HOLE IN FTP, TFTP, UTFTP
    IX73836  /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOG IN
    IX73951  SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS
    IX73961  PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY
    IX74296  PROGRAMS USING LEX GENERATED SOURCE COREDUMP
    IX74599  SECURITY: VULNERABILITY IN DIGEST
    IX74793  SECURITY HOLE IN TN3270
    IX74802  CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K
    IX75275  SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS
    IX75554  SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES
    IX75564  ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH
    IX75761  BAD FILE HANDLE CAN CRASH LOCK DAEMON
    IX75840  SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ
    IX75864  SECURITY:  /BIN/MAN CREATES INSECURE TEMPORARY FILES
    IX76039  SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY
    IX76040  SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS
    IX76049  SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE
    IX76960  BIND: CERT ADVISORY CA-98.05
    IX76962  BIND: CERT ADVISORY CA-98.05
    IX77338  SECURITY: SORT CREATES INSECURE TEMPORARY FILES
    IX77508  CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE
    IX77592  SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES
    IX78071  IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS
    IX78202  SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.
    IX78248  SECURITY: VULNERABILITY IN GROUP SHUTDOWN
    IX78349  SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG
    IX78564  SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER
    IX78612  SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.
    IX78646  SECURITY: RC.NET.SERIAL CREATES INSECURE TEMPORARY FILES
    IX78719  NFS V2 DOES NOT HANDLE 65535 AS A UID
    IX78732  SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN
    IX79136  SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS
    IX79139  SECURITY: ACLPUT/ACLEDIT CREATE INSECURE TEMPORARY FILES
    IX79679  "RCP SECURITY PROBLEM"
    IX79681  SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS
    IX79682  SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS
    IX79683  SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS
    IX79700  SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS
    IX79701  SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS
    IX79857  SECURITY HOLE
    IX79909  NSLOOKUP CORE DUMPS WITH LONG STRINGS
    IX79979  SECURITY: VULNERABILITY IN GROUP SHUTDOWN
    IX80036  SECURITY: CRON CREATES INSECURE LOCK FILE
    IX80387  SECURITY: INSECURE CREATION OF LPD LOCK FILE
    IX80391  SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS
    IX80470  SECURITY: PTRACE() PROBLEM WITH SET-GID PROGRAMS
    IX80510  SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS
    IX80543  SECURITY:LIBNSL BUFFER OVERRUNS
    IX80548  SECURITY: RAS SCRIPTS SHOULDN'T FOLLOW SYMLINKS
    IX80549  SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES
    IX80762  SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES
    IX80792  SECURITY: BUFFER OVERFLOWS IN IMAPD
    IX81058  SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS
    IX81077  SECURITY: TTYLOCK() ALLOWS CREATION OF WORLD-READABLE FILES
    IX81078  SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS
    IX81442  SECURITY: VULNERABILITY IN RPC.TTDBSERVERD
    IX81507  SECURITY: MORE VULNERABILITIES IN PCNFSD
    IX81999  POST COMMAND SHOULD NOT BE SUID
    IX82002  FORCE REXECD USER PRIVILEDGES
    IX83542  RESERVED
    IX83752  SECURITY: VULNERABILITY IN AUTOFS
    IX84493  SECURITY: VULNERABILITY IN SETGID EXECUTABLES
    IX84642  SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)
    IX85233  SECURITY : MAILBOX GETS CORRUPTED
    IX85556  SECURITY: BUFFER OVERFLOW IN FTP CLIENT
    IX85600  BOOTP: CERT ADVISORY
    IX86845  SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER
    IX87016  REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME
    IX87727  STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS
    IX88021  ADD FINGER TIMEOUT
    IX88263  SECURITY: SNAP MAY LEAK SENSITIVE INFORMATION
    IX88633  SECURITY: INSECURE TEMPORARY FILES IN /SBIN/RC.BOOT
    IX89415  SECURITY: XAUTH IS BROKEN IN 4.3.X
    IX89419  SECURITY: BUFFER OVERFLOW IN DTSPCD
    IX89687  SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES
    IY00892  INSECURE TEMPORARY FILES IN BOS.PERF PACKAGING SCRIPT
    IY01439  SECURITY: INSECURE TEMPORARY FILES IN /ETC/RC.POWERFAIL
    IY02120  SECURITY: BUFFER OVERFLOW IN NSLOOKUP
    IY02397  SECURITY: NON-ROOT USERS CAN USE PTRACE TO CRASH THE SYSTEM
    ===========================================================================
    AIX 4.2 APARs
    
    IX59743  RDIST HAS A SECURITY HOLE.
    IX60069  /VAR/DT SECURITY PROBLEM
    IX60892  BUFFER OVERFLOW CAUSES CORE DUMP IN TZSET()
    IX61125  POSSIBLE BUFFER OVERFLOW BUG IN /USR/BIN/AT
    IX61127  SECURITY: POSSIBLE BUFFER OVERFLOW IN RWHOD
    IX61199  NETWORK INTERFACES PADDING TO MINIMUM LENGTH LEAVE OLD DATA IN
    IX61304  CERTS VU#12851:SENDMAIL GIVES LOCAL USER ACCESS TO DEFAULT USER
    IX61305  CERTS#12002:SENDMAIL LETS USER BECOME ROOT WITH CHFN COMMAND
    IX61858  LARGE ICMP PACKETS CAN CRASH MACHINE
    IX62144  BUFFER OVERFLOW IN GETHOSTBYNAME()
    IX62428  CERT: SYN FLOOD DENIAL-OF-SERVICE ATTACKS
    IX63068  CERT: SENDMAIL SIGHUP VULNERABILITY
    IX64204  SECURITY: LQUERYPV ALLOWS NON-ROOT USER TO READ ANY FILE
    IX64443  CERTS:VU#3075 SENDMAIL VULNERABILITY
    IX65281  SECURITY: HOSTS.EQUIV SHOULD BE IGNORED IF WORLD-WRITABLE
    IX65473  CERT: BUFFER OVERFLOW IN TALKD
    IX65538  CERT: FTPD RACE CONDITION IN SIGNAL HANDLING
    IX65685  SECURITY: BUFFER OVERFLOW IN /USR/SBIN/LOGIN
    IX66068  /USR/SBIN/MOUNT CREATES ROOT-OWNED CORE
    IX66232  CORE DUMP FOR ILLEGAL LENGTH STRING IN SOME LVM COMMANDS
    IX66344  SECURITY: LIBPATH USED FOR SETGID EXECUTABLES
    IX66352  SECURITY: BUFFER OVERFLOWS IN LIBXT.A
    IX66405  /TMP/XLOGFILE HAS WRONG PERMISSION.
    IX66461  BUFFER OVERFLOW IN LIBXT.A
    IX66819  RECONNECTING A TCP SOCKET CAN CRASH THE SYSTEM
    IX66824  SECURITY: BUFFER OVERFLOWS IN LIBX11.A
    IX66950  SECURITY:  BUFFER OVERFLOW IN /USR/LIB/ERRDEMON
    IX67318  CERT: POSSIBLE BUFFER OVERFLOW IN FINGER DAEMON
    IX67325  /TMP/LAST_UUID PERMISSIONS AND MISSING SYMBOLS
    IX67377  CERT: BUFFER OVERFLOW IN NLS ENVIRONMENT VARIABLES
    IX68087  SECURITY: VULNERABILITY IN RPC.PCNFSD
    IX68191  SECURITY: BUFFER OVERFLOWS IN XLOCK
    IX68250  BUFFER OVERFLOWS IN /USR/SBIN/MOUNT
    IX68707  SECURITY: X11 RESOURCE MANAGER BUFFER OVERFLOW.
    IX68769  CERT : CMSD SECURITY PROBLEM
    IX68801  SECURITY: POSSIBLE BUFFER OVERFLOW IN GECOS HANDLING
    IX69106  BUFFER OVERFLOW IN DTTERM.
    IX69113  BUFFER OVERFLOW IN XTERM.
    IX69169  SECURITY: BUFFER OVERFLOW IN WRITESRV DAEMON
    IX69171  SECURITY: BUFFER OVERFLOW IN /BIN/RCP
    IX69180  SECURITY: BUFFER OVERFLOW IN DTACTION
    IX69704  SECURITY: BUFFER OVERFLOW IN AIXTERM
    IX69714  CERT: VULNERABILITY IN YPPROC_XFR RPC
    IX70035  LARGE MMAP REGION CAN RUN OUT OF PAGING SPACE AND HANG
    IX70233  SECURITY: /USR/BIN/VACATION VULNERABILITY
    IX70237  SECURITY: CACHE POISONING
    IX70239  SECURITY: DISALLOW SENDMAIL -C FOR USERS IN GROUP SYSTEM
    IX70263  CERT CA-97.09: VULNERABILITY IN IMAP/POP
    IX70389  /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOGIN
    IX70396  SECURITY: COPYCORE CREATES WORLD-READABLE DUMPS
    IX70397  SECURITY: VULNERABILITY IN SRCMSTR
    IX70660  SECURITY: SYSLOG DENIAL-OF-SERVICE VULNERABILITY
    IX70766  POSSIBLE COREDUMP IN TPARM() ROUTINE
    IX70815  MAKE NSLOOKUP SUID ROOT ONLY FOR RES_INIT
    IX70875  SECURITY: BUFFER OVERFLOW IN RDIST
    IX70886  SECURITY: FTP CLIENT INTERPRETS SERVER PROVIDED FILENAMES
    IX70916  ONLY ALLOW LOOPBACK AS INTERFACE FOR PORTMAP REGISTER
    IX70918  SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY
    IX71277  SECURITY: VULNERABILITY IN LIBISODE.A
    IX71403  SECURITY: BUFFER OVERFLOWS IN RNETRC()
    IX71405  SECURITY: DISCARD LOOPBACK PACKETS ON EXTERNAL INTERFACES
    IX71517  SECURITY: VULNERABILITY IN PIODMGRSU
    IX71581  SYSTEM FILE COULD BE OVERWRITTEN BY DTAPPINTEGRATE
    IX71779  SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING
    IX71795  SECURITY: VULNERABILITY IN /USR/SBIN/PORTMIR
    IX71806  NFSV3 ACCESS FOR OTHERS INCORRECT
    IX71810  SECURITY: BAD TEMPORARY FILE CREATED FROM /USR/BIN/CFGMIR
    IX71927  CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED
    IX72021  SECURITY: BUFFER OVERFLOW IN XDAT
    IX73022  NFS UID MISMATCH POSSIBLE ON CREATE
    IX73076  SECURITY: FTP BOUNCE VULNERABILITY
    IX73430  SEC: /USR/SBIN/MKLV SHELL SCRIPT HAS SET-UID BIT SET
    IX73437  SECURITY: VULNERABILITY IN DTAPPGATHER
    IX73580  SECURITY: TELNET DENIAL OF SERVICE ATTACK
    IX73755  PTY_SETNAME MISMANAGES THE PROCESS CREDENTIAL
    IX73893  PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY
    IX73949  SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS
    IX74023  PROGRAMS USING LEX GENERATED SOURCE COREDUMPS
    IX74335  SECURITY: NFS NOT HANDLING EXPORTS CORRECTLY
    IX75157  BAD FILE HANDLE CAN CRASH LOCK DAEMON
    IX75195  ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH
    IX75417  SECURITY HOLE IN TN3270
    IX76015  NFS V2 DOES HANDLE 65535 AS A UID
    IX76268  SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS
    IX76269  SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY
    IX76270  SECURITY HOLE IN FTP, TFTP, UTFTP
    IX76272  SECURITY: VULNERABILITY IN DIGEST
    IX76276  SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ
    IX76853  SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES
    IX76861  REFRESHING INETD TOO MANY TIMES CAN KILL IT
    IX76863  SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS
    IX76867  SECURITY:  /BIN/MAN CREATES INSECURE TEMPORARY FILES
    IX76872  BOS.NET.TCP.CLIENT UPDATES RE-ENABLE SNMP AND DPID2
    IX76875  SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS
    IX76878  SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE
    IX76879  REMOVE POTENTIAL SECURITY EXPOSURE FROM NETLSD
    IX76886  SECURITY: SORT CREATES INSECURE TEMPORARY FILES
    IX76959  BIND: CERT ADVISORY CA-98.05
    IX76984  LIBBSD SLEEP() RACE CONDITION
    IX77009  CORE FILE MAY CONTAIN DATA FROM OTHER USERS
    IX77089  SETUPTERM CAN CORE DUMP
    IX77506  CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE
    IX77830  SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.
    IX77902  IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS
    IX78596  SECURITY: VULNERABILITY IN GROUP SHUTDOWN
    IX78616  SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER
    IX78641  "RCP SECURITY PROBLEM"
    IX78673  SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.
    IX78729  SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN
    IX79037  SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS
    IX79447  SECURITY: CRON CREATES INSECURE LOCK FILE
    IX79473  SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS
    IX79836  SECURITY: VULNERABILITY IN GROUP SHUTDOWN
    IX79893  SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES
    IX80138  SECURITY: INSECURE CREATION OF LPD LOCK FILE
    IX80791  SECURITY: BUFFER OVERFLOWS IN IMAPD
    IX81232  SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG
    IX81317  FORCE REXECD USER PRIVILEDGES
    IX81360  SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES
    IX81361  SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS
    IX81364  SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS
    IX81366  SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS
    IX81369  SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS
    IX81370  SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS
    IX81377  SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES
    IX81441  SECURITY: VULNERABILITY IN RPC.TTDBSERVERD
    IX81506  SECURITY: MORE VULNERABILITIES IN PCNFSD
    IX81579  SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS
    IX82703  SECURITY:LIBNSL BUFFER OVERRUNS
    IX84230  SECURITY : MAILBOX GETS CORRUPTED
    IX85206  SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS
    IX85555  SECURITY: BUFFER OVERFLOW IN FTP CLIENT
    IX85599  BOOTP: CERT ADVISORY
    IX86841  SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER
    IX87003  REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME
    IX87730  STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS
    IX88020  ADD FINGER TIMEOUT
    IX88195  SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS
    IX88261  SECURITY: SNAP MAY LEAK SENSITIVE INFORMATION
    IX89281  SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)
    IX89893  SECURITY: BUFFER OVERFLOW IN DTSPCD
    IY01573  SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES
    IY01610  SECURITY: INSECURE TEMPORARY FILES IN /ETC/RC.POWERFAIL
    ===========================================================================
    AIX 4.1 APARs
    
    IX55363  CERT ADVISORY CA-95:17 - YPUPDATED VULNERABILITY
    IX55931  CERT ADVISORY ON RPC.STATD
    IX56717  DDTERM PROBLEM AND 256 BYTES LOST AT EACH FAILING OPEN.
    IX57720  SECURITY PROBLEM IN SENDMAIL
    IX58516  /TMP/XLOGFILE HAS WRONG PERMISSION.
    IX59453  LARGE ICMP PACKETS CAN CRASH MACHINE
    IX59742  RDIST HAS A SECURITY HOLE.
    IX60068  /VAR/DT SECURITY PROBLEM
    IX60680  SECURITY: POSSIBLE BUFFER OVERFLOW IN RWHOD
    IX60873  NETWORK INTERFACES PADDING TO MINIMUM LENGTH LEAVE OLD DATA IN
    IX60890  BUFFER OVERFLOW CAUSES CORE DUMP IN TZSET()
    IX60894  POSSIBLE BUFFER OVERFLOW FOR TZ
    IX61019  BUFFER OVERFLOW IN GETHOSTBYNAME()
    IX61031  BUFFER OVERFLOW IN LIBXT.A
    IX61162  CERTS VU#12851:SENDMAIL GIVES LOCAL USER ACCESS TO DEFAULT USER
    IX61306  CERTS#12002:SENDMAIL LETS USER BECOME ROOT WITH CHFN COMMAND
    IX62476  CERT: SYN FLOOD DENIAL-OF-SERVICE ATTACKS
    IX64203  SECURITY: LQUERYPV ALLOWS NON-ROOT USER TO READ ANY FILE
    IX64459  CERTS:VU#3075 SENDMAIL VULNERABILITY
    IX65472  CERT: BUFFER OVERFLOW IN TALKD
    IX65537  CERT: FTPD RACE CONDITION IN SIGNAL HANDLING
    IX65682  SECURITY: BUFFER OVERFLOW IN /USR/SBIN/LOGIN
    IX65979  /TMP/LAST_UUID SHOULD NOT BE WORLD WRITABLE AND RPC__PKT_NAME ER
    IX66055  /USR/SBIN/MOUNT CREATES ROOT-OWNED CORE
    IX66231  CORE DUMP FOR ILLEGAL LENGTH STRING IN SOME LVM COMMANDS
    IX66340  SECURITY: LIBPATH USED FOR SETGID EXECUTABLES
    IX66449  SECURITY: BUFFER OVERFLOWS IN LIBXT.A
    IX66679  SECURITY: "PIPEBUG IN SENDMAIL"
    IX66736  SECURITY: BUFFER OVERFLOWS IN LIBX11.A
    IX66826  LIBBSD SLEEP() RACE CONDITION
    IX67272  /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOGIN
    IX67276  WHEN PRINCIPAL NAME EXCEEDS 1024 CHARACTERS SECD CORES
    IX67317  CERT: POSSIBLE BUFFER OVERFLOW IN FINGER DAEMON
    IX67407  CERT: BUFFER OVERFLOW IN NLS ENVIRONMENT VARIABLES
    IX67601  SECURITY: HOSTS.EQUIV SHOULD BE IGNORED IF WORLD-WRITABLE
    IX68086  SECURITY: VULNERABILITY IN RPC.PCNFSD
    IX68143  SECURITY: VULNERABILITY IN SRCMSTR
    IX68190  SECURITY: BUFFER OVERFLOWS IN XLOCK
    IX68249  BUFFER OVERFLOWS IN /USR/SBIN/MOUNT
    IX68412  RECONNECTING A TCP SOCKET CAN CRASH THE SYSTEM
    IX68688  SECURITY: POSSIBLE BUFFER OVERFLOW IN GECOS HANDLING
    IX68706  SECURITY: X11 RESOURCE MANAGER BUFFER OVERFLOW.
    IX68749  CERT : CMSD SECURITY PROBLEM
    IX68834  CORE FILE MAY CONTAIN DATA FROM OTHER USERS
    IX69083  BUFFER OVERFLOW IN DTTERM.
    IX69104  BUFFER OVERFLOW IN XTERM.
    IX69168  SECURITY: BUFFER OVERFLOW IN WRITESRV DAEMON
    IX69170  SECURITY: BUFFER OVERFLOW IN /BIN/RCP
    IX69179  SECURITY: BUFFER OVERFLOW IN DTACTION
    IX69698  SECURITY: BUFFER OVERFLOW IN AIXTERM
    IX70029  LARGE MMAP REGION CAN RUN OUT OF PAGING SPACE AND HANG
    IX70100  ONLY ALLOW LOOPBACK AS INTERFACE FOR PORTMAP REGISTER
    IX70171  POSSIBLE COREDUMP IN SETUPTERM()
    IX70236  SECURITY: CACHE POISONING
    IX70238  SECURITY: DISALLOW SENDMAIL -C FOR USERS IN GROUP SYSTEM
    IX70352  POSSIBLE COREDUMP IN TPARM() ROUTINE
    IX70367  SECURITY: COPYCORE CREATES WORLD-READABLE DUMPS
    IX70368  SECURITY:  BUFFER OVERFLOW IN /USR/LIB/ERRDEMON
    IX70370  CERT: MKNOD RACE CONDITION AND BUFFER OVERFLOW
    IX70400  REFRESHING INETD TOO MANY TIMES CAN KILL IT
    IX70659  SECURITY: SYSLOG DENIAL-OF-SERVICE VULNERABILITY
    IX70876  SECURITY: BUFFER OVERFLOW IN RDIST
    IX70885  SECURITY: FTP CLIENT INTERPRETS SERVER PROVIDED FILENAMES
    IX71125  SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY
    IX71366  SECURITY: DISCARD LOOPBACK PACKETS ON EXTERNAL INTERFACES
    IX71391  SECURITY: BUFFER OVERFLOWS IN RNETRC()
    IX71464  MAKE NSLOOKUP SUID ROOT ONLY FOR RES_INIT
    IX71478  SECURITY: VULNERABILITY IN LIBISODE.A
    IX71514  SECURITY: VULNERABILITY IN PIODMGRSU
    IX71580  SYSTEM FILE COULD BE OVERWRITTEN BY DTAPPINTEGRATE
    IX71832  SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING
    IX72020  SECURITY: BUFFER OVERFLOW IN XDAT
    IX73075  SECURITY: FTP BOUNCE VULNERABILITY
    IX73427  SECURITY: TELNET DENIAL OF SERVICE ATTACK
    IX73436  SECURITY: VULNERABILITY IN DTAPPGATHER
    IX73615  SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ
    IX73948  SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS
    IX74022  PROGRAMS USING LEX GENERATED SOURCE COREDUMPS
    IX74421  CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K
    IX74457  FIXED VULNERABILITY IN DIGEST
    IX74663  SEC: /USR/SBIN/MKLV SHELL SCRIPT HAS SET-UID BIT SET
    IX74773  ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH
    IX75149  SECURITY:  /BIN/MAN CREATES INSECURE TEMPORARY FILES
    IX76195  SECURITY HOLE IN TN3270
    IX76329  SECURITY HOLE IN FTP, TFTP, UTFTP
    IX76330  SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES
    IX76331  SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS
    IX76332  SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS
    IX76333  SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS
    IX76334  SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE
    IX76522  PTY_SETNAME MISMANAGES THE PROCESS CREDENTIAL - 3
    IX76717  SECURITY: NOTIFYMETH CREATES WORLD-WRITABLE FILES
    IX76846  SECURITY: SORT CREATES INSECURE TEMPORARY FILES
    IX76877  REMOVE POTENTIAL SECURITY EXPOSURE FROM NETLSD
    IX76958  BIND: CERT ADVISORY CA-98.05
    IX77509  CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE
    IX77913  SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.
    IX78350  IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS
    IX78696  SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN
    IX78711  CERT: VULNERABILITY IN YPPROC_XFR RPC
    IX78956  SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.
    IX78957  SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER
    IX79044  SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS
    IX79472  SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS
    IX80137  SECURITY: INSECURE CREATION OF LPD LOCK FILE
    IX80158  SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS
    IX80160  SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS
    IX80163  SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS
    IX80183  SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS
    IX80840  SECURITY:LIBNSL BUFFER OVERRUNS
    IX80882  POST COMMAND SHOULD NOT BE SUID
    IX81440  SECURITY: VULNERABILITY IN RPC.TTDBSERVERD
    IX81505  SECURITY: MORE VULNERABILITIES IN PCNFSD
    IX81651  SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS
    IX81914  SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG
    IX83911  SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER
    IX83929  SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES
    IX83932  SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS
    IX83943  SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES
    IX84640  SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)
    IX85553  SECURITY: BUFFER OVERFLOW IN FTP CLIENT
    IX85598  BOOTP: CERT ADVISORY
    IX85650  SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS
    IX87728  STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS
    IX88018  ADD FINGER TIMEOUT
    IX89806  SECURITY: BUFFER OVERFLOW IN DTSPCD
    IY00254  SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES
    ===========================================================================
    


