sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.