Vulnerabilities > Avaya > Messaging Storage Server

DATE CVE VULNERABILITY TITLE RISK
2009-03-30 CVE-2009-0115 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
7.8
2008-07-09 CVE-2008-2812 NULL Pointer Dereference vulnerability in multiple products
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
7.8
2006-04-04 CVE-2006-1058 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
local
low complexity
busybox avaya CWE-916
5.5
2001-12-31 CVE-2001-1494 Link Following vulnerability in multiple products
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
local
low complexity
kernel avaya CWE-59
5.5