RSS   Podatności dla 'Iplanet ical'   RSS

2000-12-11
 
CVE-2000-1074

 

 
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

 
 
CVE-2000-1073

 

 
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.

 
 
CVE-2000-1072

 

 
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.

 
 
CVE-2000-1071

 

 
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.

 

 >>> Vendor: Netscape 21 Produkty
Messaging server
Certificate server
Collabra server
Directory server
Enterprise server
Fasttrack server
Proxy server
Communicator
News server
Commerce server
Communications server
Navigator
Professional services ftpserver
Netscape messaging server multiplexor
Iplanet ical
Publishingxpert
Smartdownload
Messanger
Personalization engine
Portable runtime api
Certificate management system


Copyright 2024, cxsecurity.com

 

Back to Top