Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.

ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program.

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file.

Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm.

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.