Operating systems which had their kernel reorganized to accomodate the network file system (NFS) and are based on 4.3 BSD, specifically SunOS and Pyramid, contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user causes lpr to print out an arbitrary privileged file, resulting in a loss of confidentiality.
DEC CONTRL and RTMON contain a flaw that may allow a remote denial of service. The issue is triggered when an administrator controls (a.k.a "CONTRLing") a user logged into a virtual terminal over a terminal server, who then disconnects. This could conceivably be done by forcing the user to disconnect, or by the user accidentally disconnecting, and will result in a loss of availability for the system.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.