Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.

buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.

setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.

Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.

linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.