CVE-2006-0177 – Cray UNICOS /usr/bin/script - Command Line Argument Local Overflow
https://notcve.org/view.php?id=CVE-2006-0177
Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. • https://www.exploit-db.com/exploits/27065 https://www.exploit-db.com/exploits/27066 http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html http://www.securityfocus.com/bid/16205 https://exchange.xforce.ibmcloud.com/vulnerabilities/24276 •
CVE-2006-0178
https://notcve.org/view.php?id=CVE-2006-0178
Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html http://www.securityfocus.com/bid/16205 https://exchange.xforce.ibmcloud.com/vulnerabilities/24277 •
CVE-2003-0028
https://notcve.org/view.php?id=CVE-2003-0028
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. Desbordamiento de entero en la función xdrmem_getbytes(), y posiblemente otras funciones, de librerias XDR (representación de datos externos) derivadas de SunRPC, incluyendo libnsl, libc y glibc permite a atacantes remotos ejecutar código arbitrario mediante ciertos valores enteros en campos de longitud. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html http://marc.info/?l=bugtraq&m=104810574423662&w=2 http://marc.info/?l=bugtraq&m=104811415301340&w=2 http://marc.info/?l=bugtraq&m=104860855114117&w=2 http://marc.info/?l=bugtraq&m=104878237121402&w=2 http://marc.info/? •
CVE-2001-0891
https://notcve.org/view.php?id=CVE-2001-0891
Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters. Vulnerabilidad en el formateado de cadenas en el demonio NQS (nqsdaemon) en NQE 3.3.0.16 para CRAY UNICOS permite que un usuario local obtenga privilegios de root usando qsub para enviar un proceso job cuyo nombre contiene caracteres de formatado. • ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I http://marc.info/?l=bugtraq&m=100695627423924&w=2 http://www.osvdb.org/3275 http://www.securityfocus.com/bid/3590 https://exchange.xforce.ibmcloud.com/vulnerabilities/7618 •
CVE-1999-1300
https://notcve.org/view.php?id=CVE-1999-1300
Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration. • http://ciac.llnl.gov/ciac/bulletins/b-31.shtml •