The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.

screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program.

ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files.