This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Digital First view 1995-10-13
Product Unix Last view 2001-03-12
Version 4.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:digital:unix

Activity : Overall

Related : CVE

  Date Alert Description
5 2001-03-12 CVE-2000-0315

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

5 2001-03-12 CVE-2000-0314

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

2.1 1999-02-15 CVE-1999-0714

Vulnerability in Compaq Tru64 UNIX edauth command.

7.2 1999-02-01 CVE-1999-0358

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

7.2 1999-01-25 CVE-1999-1458

Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument.

5 1998-01-05 CVE-1999-0513

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

10 1997-02-06 CVE-1999-0046

Buffer overflow of rlogin program using TERM environmental variable.

10 1995-10-13 CVE-1999-0073

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-21 Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-58 Restful Privilege Elevation
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks
CAPEC-167 Lifting Sensitive Data from the Client

Open Source Vulnerability Database (OSVDB)

id Description
8765 Digital Unix mh Package inc Local Overflow
8763 Digital Unix at Command Line Argument Privilege Escalation
7575 Multiple Vendor traceroute Source Address Modification
7574 Multiple Vendor traceroute Large waittime DoS
7407 Compaq Tru64 UNIX edauth Security Information Disclosure
1008 Multiple Vendor telnetd LD_LIBRARY_PATH Environment Variable Privilege Escala...
951 Multiple Vendor rlogin TERM Variable Overflow
916 Multiple Vendor ICMP Broadcast Flood DoS (smurf)

Snort® IPS/IDS

Date Description
2014-01-10 ld_library_path
RuleID : 712-community - Type : PROTOCOL-TELNET - Revision : 16
2014-01-10 ld_library_path
RuleID : 712 - Type : PROTOCOL-TELNET - Revision : 16