cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and a...

suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.

The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such...

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

Buffer overflow in the bootp server in the Debian Linux netstd package.

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different err...

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

Denial of service in Debian IRC Epic/epic4 client via a long string.

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.