| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords. |
| Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. |
| Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. |
| TCP RST denial of service in FreeBSD. |
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. |
| Sendmail decode alias can be used to overwrite sensitive files. |
| opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. |
| Buffer overflow in FreeBSD lpd through long DNS hostnames. |
| asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file. |
| Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults. |
| Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. |
| A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. |
| Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. |
| OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. |
| FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. |
| periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
| Buffer overflow in FreeBSD angband allows local users to gain privileges. |
| Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. |
| The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
