CVE-2005-4352
https://notcve.org/view.php?id=CVE-2005-4352
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html http://secunia.com/advisories/25691 http://securitytracker.com/id?1015454 http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt http://www.securityfocus.com/archive/1/421426/100/0/threaded http://www.securityfocus.com/archive/1/471457 http://www.securityfocus.com/bid/16170 https://exchange.xforce.ibmcloud.com/vulnerabilities/24036 •
CVE-2003-0914
https://notcve.org/view.php?id=CVE-2003-0914
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. ISC BIND 8.3.x antes de 8.3.7, y 8.4.x antes de 8.4.3 permite a atacantes remotos envenenar la cache mediante un servidor de nombres malicioso que devuelve respuestas negativas con un valor TTL (time to live) largo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt http://secunia.com/advisories/10542 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434 http://www.debian.org/security/2004/dsa-409 http://www.kb.cert.org/vuls/id/734644 http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt https://oval.cisecurity.org/repository& •
CVE-2003-0694 – Sendmail SMTP Address prescan Memory Corruption
https://notcve.org/view.php?id=CVE-2003-0694
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. La función de prescan en Sendmail 8.12.9 permite a atacantes remotos ejecutar código arbitrario mediante ataques de desbordamiento de búfer, como se demostró usando la función parseaddr en parseaddr.c. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 http://marc.info/?l=bugtraq&m=106381604923204&w=2 http://marc.info/?l=bugtraq&m=106382859407683&w=2 http://marc.info/?l=bugtraq&m=106383437615742&w=2 http://marc.info/? •
CVE-2003-0681 – Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0681
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Un "desbordamiento de búfer potencial en el análisis de reglas" (ruleset parsing) en Sendmail 8.12.9 cuando se usan los conjuntos de reglas no estándar: (1) receptor, (2) final, o (3) receptores de envoltorio específicos del enviador de correo, tienen consecuencias desconocidas. • https://www.exploit-db.com/exploits/23154 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 http://marc.info/?l=bugtraq&m=106383437615742&w=2 http://marc.info/?l=bugtraq&m=106398718909274&w=2 http://www.debian.org/security/2003/dsa-384 http://www.kb.cert.org/vuls/id/108964 http://www.mandriva.com/security/advisories?name=MDKSA-2003:092 http://www.redhat.com/support/errata/RHSA-2003-283.html http://www.securityfocus.com/bid/8649 http://www •
CVE-2001-0554 – Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0554
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. • https://www.exploit-db.com/exploits/21018 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt http://archives.neohapsis.com/archives/hp/2001-q4/0014.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •