Vulnerabilites related to freebsd - freebsd
CVE-2020-7469 (GCVE-0-2020-7469)
Vulnerability from cvelistv5
Published
2021-06-04 11:55
Modified
2024-08-04 09:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free
Summary
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210720-0001/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:06:38",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210720-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210720-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7469",
"datePublished": "2021-06-04T11:55:55",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42416 (GCVE-0-2024-42416)
Vulnerability from cvelistv5
Published
2024-09-05 04:31
Modified
2024-09-05 13:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-42416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:11:48.895786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:12:10.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ctl"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-09-04T23:37:17.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.\n\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T04:31:15.698Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc"
}
],
"title": "Multiple issues in ctl(4) CAM Target Layer"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-42416",
"datePublished": "2024-09-05T04:31:15.698Z",
"dateReserved": "2024-08-27T16:30:55.964Z",
"dateUpdated": "2024-09-05T13:12:10.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0061 (GCVE-0-2001-0061)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2130 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6106 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/1697 | vdb-entry, x_refsource_OSVDB | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2130"
},
{
"name": "procfs-elevate-privileges(6106)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6106"
},
{
"name": "1697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1697"
},
{
"name": "FreeBSD-SA-00:77",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child\u0027s address space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2130"
},
{
"name": "procfs-elevate-privileges(6106)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6106"
},
{
"name": "1697",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1697"
},
{
"name": "FreeBSD-SA-00:77",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child\u0027s address space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2130"
},
{
"name": "procfs-elevate-privileges(6106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6106"
},
{
"name": "1697",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1697"
},
{
"name": "FreeBSD-SA-00:77",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0061",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-02-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:55.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0701 (GCVE-0-2002-0701)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102650797504351&w=2 | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/5133 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9474.php | vdb-entry, x_refsource_XF | |
| http://www.openbsd.org/errata.html#ktrace | vendor-advisory, x_refsource_OPENBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-02:30",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102650797504351\u0026w=2"
},
{
"name": "5133",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5133"
},
{
"name": "openbsd-ktrace-gain-privileges(9474)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9474.php"
},
{
"name": "20020627 009: SECURITY FIX: June 27, 2002",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata.html#ktrace"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-02:30",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102650797504351\u0026w=2"
},
{
"name": "5133",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5133"
},
{
"name": "openbsd-ktrace-gain-privileges(9474)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9474.php"
},
{
"name": "20020627 009: SECURITY FIX: June 27, 2002",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata.html#ktrace"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-02:30",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=102650797504351\u0026w=2"
},
{
"name": "5133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5133"
},
{
"name": "openbsd-ktrace-gain-privileges(9474)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9474.php"
},
{
"name": "20020627 009: SECURITY FIX: June 27, 2002",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#ktrace"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0701",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-12T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29629 (GCVE-0-2021-29629)
Vulnerability from cvelistv5
Published
2021-05-28 14:06
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unchecked Input for Loop Condition
Summary
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210713-0003/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 13.0-RELEASE before p1, 12.2-RELEASE before p7, 11.4-RELEASE before p10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unchecked Input for Loop Condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T09:06:10",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 13.0-RELEASE before p1, 12.2-RELEASE before p7, 11.4-RELEASE before p10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unchecked Input for Loop Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210713-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210713-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29629",
"datePublished": "2021-05-28T14:06:47",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23091 (GCVE-0-2022-23091)
Vulnerability from cvelistv5
Published
2024-02-15 05:11
Modified
2025-02-13 16:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.
An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T16:28:20.765100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T19:29:18.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"vm"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p1",
"status": "affected",
"version": "13.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p12",
"status": "affected",
"version": "13.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "12.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mark Johnston"
}
],
"datePublic": "2022-08-09T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel."
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T15:06:18.061Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0008/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory disclosure by stale virtual memory mapping",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2022-23091",
"datePublished": "2024-02-15T05:11:35.101Z",
"dateReserved": "2022-01-10T22:07:46.042Z",
"dateUpdated": "2025-02-13T16:29:02.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6916 (GCVE-0-2018-6916)
Vulnerability from cvelistv5
Published
2018-03-09 15:00
Modified
2024-09-17 02:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper validation
Summary
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040460 | vdb-entry, x_refsource_SECTRACK | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-18:01.ipsec.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040460"
},
{
"name": "FreeBSD-SA-18:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:01.ipsec.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "All supported versions of FreeBSD"
}
]
}
],
"datePublic": "2018-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-10T10:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "1040460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040460"
},
{
"name": "FreeBSD-SA-18:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:01.ipsec.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2018-03-07T00:00:00",
"ID": "CVE-2018-6916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "All supported versions of FreeBSD"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040460"
},
{
"name": "FreeBSD-SA-18:01",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:01.ipsec.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-6916",
"datePublished": "2018-03-09T15:00:00Z",
"dateReserved": "2018-02-12T00:00:00",
"dateUpdated": "2024-09-17T02:21:59.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1126 (GCVE-0-2005-1126)
Vulnerability from cvelistv5
Published
2005-04-16 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2005/2256 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/14959 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17368 | third-party-advisory, x_refsource_SECUNIA | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/15252 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/15514 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20114 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-2256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name": "14959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14959"
},
{
"name": "17368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17368"
},
{
"name": "FreeBSD-SA-05:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc"
},
{
"name": "APPLE-SA-2005-10-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name": "15252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15252"
},
{
"name": "15514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15514"
},
{
"name": "freebsd-ifconf-information-disclosure(20114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-2256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name": "14959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14959"
},
{
"name": "17368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17368"
},
{
"name": "FreeBSD-SA-05:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc"
},
{
"name": "APPLE-SA-2005-10-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name": "15252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15252"
},
{
"name": "15514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15514"
},
{
"name": "freebsd-ifconf-information-disclosure(20114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name": "14959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14959"
},
{
"name": "17368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17368"
},
{
"name": "FreeBSD-SA-05:04",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc"
},
{
"name": "APPLE-SA-2005-10-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name": "15252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15252"
},
{
"name": "15514",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15514"
},
{
"name": "freebsd-ifconf-information-disclosure(20114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1126",
"datePublished": "2005-04-16T04:00:00",
"dateReserved": "2005-04-16T00:00:00",
"dateUpdated": "2024-08-07T21:35:59.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0078 (GCVE-0-2003-0078)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030501-01-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
},
{
"name": "3945",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3945"
},
{
"name": "ssl-cbc-information-leak(11369)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11369.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20030219.txt"
},
{
"name": "2003-0005",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2003/0005"
},
{
"name": "DSA-253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-253"
},
{
"name": "RHSA-2003:205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-205.html"
},
{
"name": "ESA-20030220-005",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html"
},
{
"name": "N-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-051.shtml"
},
{
"name": "20030219 OpenSSL 0.9.7a and 0.9.6i released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104567627211904\u0026w=2"
},
{
"name": "RHSA-2003:104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-104.html"
},
{
"name": "6884",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6884"
},
{
"name": "NetBSD-SA2003-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc"
},
{
"name": "MDKSA-2003:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020"
},
{
"name": "CLSA-2003:570",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000570"
},
{
"name": "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104568426824439\u0026w=2"
},
{
"name": "GLSA-200302-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104577183206905\u0026w=2"
},
{
"name": "RHSA-2003:082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-082.html"
},
{
"name": "RHSA-2003:063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-063.html"
},
{
"name": "RHSA-2003:062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-062.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030501-01-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
},
{
"name": "3945",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3945"
},
{
"name": "ssl-cbc-information-leak(11369)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11369.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20030219.txt"
},
{
"name": "2003-0005",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2003/0005"
},
{
"name": "DSA-253",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-253"
},
{
"name": "RHSA-2003:205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-205.html"
},
{
"name": "ESA-20030220-005",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html"
},
{
"name": "N-051",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-051.shtml"
},
{
"name": "20030219 OpenSSL 0.9.7a and 0.9.6i released",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104567627211904\u0026w=2"
},
{
"name": "RHSA-2003:104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-104.html"
},
{
"name": "6884",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6884"
},
{
"name": "NetBSD-SA2003-001",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc"
},
{
"name": "MDKSA-2003:020",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020"
},
{
"name": "CLSA-2003:570",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000570"
},
{
"name": "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104568426824439\u0026w=2"
},
{
"name": "GLSA-200302-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104577183206905\u0026w=2"
},
{
"name": "RHSA-2003:082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-082.html"
},
{
"name": "RHSA-2003:063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-063.html"
},
{
"name": "RHSA-2003:062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-062.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030501-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I"
},
{
"name": "3945",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3945"
},
{
"name": "ssl-cbc-information-leak(11369)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11369.php"
},
{
"name": "http://www.openssl.org/news/secadv_20030219.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20030219.txt"
},
{
"name": "2003-0005",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2003/0005"
},
{
"name": "DSA-253",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-253"
},
{
"name": "RHSA-2003:205",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-205.html"
},
{
"name": "ESA-20030220-005",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html"
},
{
"name": "N-051",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-051.shtml"
},
{
"name": "20030219 OpenSSL 0.9.7a and 0.9.6i released",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104567627211904\u0026w=2"
},
{
"name": "RHSA-2003:104",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-104.html"
},
{
"name": "6884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6884"
},
{
"name": "NetBSD-SA2003-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc"
},
{
"name": "MDKSA-2003:020",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020"
},
{
"name": "CLSA-2003:570",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000570"
},
{
"name": "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104568426824439\u0026w=2"
},
{
"name": "GLSA-200302-10",
"refsource": "GENTOO",
"url": "http://marc.info/?l=bugtraq\u0026m=104577183206905\u0026w=2"
},
{
"name": "RHSA-2003:082",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-082.html"
},
{
"name": "RHSA-2003:063",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-063.html"
},
{
"name": "RHSA-2003:062",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-062.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0078",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-10T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1406 (GCVE-0-2005-1406)
Vulnerability from cvelistv5
Published
2005-05-06 04:00
Modified
2024-08-07 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2005/2256 | vdb-entry, x_refsource_VUPEN | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://secunia.com/advisories/17368 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/15252 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/13526 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:49.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-2256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name": "FreeBSD-SA-05:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc"
},
{
"name": "17368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17368"
},
{
"name": "APPLE-SA-2005-10-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name": "15252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15252"
},
{
"name": "13526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13526"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-2256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name": "FreeBSD-SA-05:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc"
},
{
"name": "17368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17368"
},
{
"name": "APPLE-SA-2005-10-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name": "15252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15252"
},
{
"name": "13526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13526"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name": "FreeBSD-SA-05:08",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc"
},
{
"name": "17368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17368"
},
{
"name": "APPLE-SA-2005-10-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name": "15252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15252"
},
{
"name": "13526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13526"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1406",
"datePublished": "2005-05-06T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:49.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23089 (GCVE-0-2022-23089)
Vulnerability from cvelistv5
Published
2024-02-15 05:07
Modified
2025-03-13 21:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.
An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T20:01:04.904349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T21:52:54.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"kernel"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p1",
"status": "affected",
"version": "13.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p12",
"status": "affected",
"version": "13.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "12.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Josef \u0027Jeff\u0027 Sipek"
}
],
"datePublic": "2022-08-09T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.\n\nAn out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash."
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T15:06:02.564Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bound read in elf_note_prpsinfo()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2022-23089",
"datePublished": "2024-02-15T05:07:13.996Z",
"dateReserved": "2022-01-10T22:07:46.041Z",
"dateUpdated": "2025-03-13T21:52:54.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1915 (GCVE-0-2002-1915)
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-17 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/9633.php | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/archive/1/283033 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5265 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "tip-flock-acculog-dos(9633)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9633.php"
},
{
"name": "20020717 asciiSECURE advisory (2002-07-17/1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/283033"
},
{
"name": "5265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "tip-flock-acculog-dos(9633)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9633.php"
},
{
"name": "20020717 asciiSECURE advisory (2002-07-17/1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/283033"
},
{
"name": "5265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tip-flock-acculog-dos(9633)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9633.php"
},
{
"name": "20020717 asciiSECURE advisory (2002-07-17/1)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/283033"
},
{
"name": "5265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1915",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-17T03:12:29.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0988 (GCVE-0-2005-0988)
Vulnerability from cvelistv5
Published
2005-04-06 04:00
Modified
2024-08-07 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "22033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "12996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12996"
},
{
"name": "15487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15487"
},
{
"name": "oval:org.mitre.oval:def:765",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765"
},
{
"name": "oval:org.mitre.oval:def:10242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242"
},
{
"name": "oval:org.mitre.oval:def:1169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169"
},
{
"name": "SCOSA-2005.58",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
},
{
"name": "20050404 gzip TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/394965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-08-01",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "22033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "12996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12996"
},
{
"name": "15487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15487"
},
{
"name": "oval:org.mitre.oval:def:765",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765"
},
{
"name": "oval:org.mitre.oval:def:10242",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242"
},
{
"name": "oval:org.mitre.oval:def:1169",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169"
},
{
"name": "SCOSA-2005.58",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
},
{
"name": "20050404 gzip TOCTOU file-permissions vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/394965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "22033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "12996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12996"
},
{
"name": "15487",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15487"
},
{
"name": "oval:org.mitre.oval:def:765",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765"
},
{
"name": "oval:org.mitre.oval:def:10242",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242"
},
{
"name": "oval:org.mitre.oval:def:1169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169"
},
{
"name": "SCOSA-2005.58",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.555852"
},
{
"name": "20050404 gzip TOCTOU file-permissions vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/394965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0988",
"datePublished": "2005-04-06T04:00:00",
"dateReserved": "2005-04-06T00:00:00",
"dateUpdated": "2024-08-07T21:35:59.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0419 (GCVE-0-2011-0419)
Vulnerability from cvelistv5
Published
2011-05-16 17:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44574"
},
{
"name": "HPSBUX02707",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2"
},
{
"name": "SSRT100966",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"name": "[dev] 20110511 Re: Apache Portable Runtime 1.4.4 [...] Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "20110512 Multiple Vendors libc/fnmatch(3) DoS (incl apache)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/98"
},
{
"name": "HPSBUX02702",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2"
},
{
"name": "HPSBOV02822",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"name": "SSRT100619",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14804",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cxib.net/stuff/apr_fnmatch.txts"
},
{
"name": "oval:org.mitre.oval:def:14638",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638"
},
{
"name": "1025527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apache.org/dist/apr/CHANGES-APR-1.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098799"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029\u0026r2=1098902"
},
{
"name": "8246",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8246"
},
{
"name": "DSA-2237",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2237"
},
{
"name": "RHSA-2011:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390"
},
{
"name": "44564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44564"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apache.org/dist/httpd/Announcement2.2.html"
},
{
"name": "SSRT100626",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "44490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cxib.net/stuff/apache.fnmatch.phps"
},
{
"name": "RHSA-2011:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "MDVSA-2011:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:084"
},
{
"name": "[dev] 20110510 Re: Apache Portable Runtime 1.4.4 [...] Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "RHSA-2011:0507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0507.html"
},
{
"name": "SUSE-SU-2011:1229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"
},
{
"name": "HPSBMU02704",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2"
},
{
"name": "SSRT100606",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2"
},
{
"name": "[dev] 20110510 Re: fnmatch rewrite in apr, apr 1.4.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:10:16",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "44574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44574"
},
{
"name": "HPSBUX02707",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2"
},
{
"name": "SSRT100966",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"name": "[dev] 20110511 Re: Apache Portable Runtime 1.4.4 [...] Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html"
},
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"name": "20110512 Multiple Vendors libc/fnmatch(3) DoS (incl apache)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/98"
},
{
"name": "HPSBUX02702",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2"
},
{
"name": "HPSBOV02822",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"name": "SSRT100619",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14804",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cxib.net/stuff/apr_fnmatch.txts"
},
{
"name": "oval:org.mitre.oval:def:14638",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638"
},
{
"name": "1025527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apache.org/dist/apr/CHANGES-APR-1.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098799"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029\u0026r2=1098902"
},
{
"name": "8246",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8246"
},
{
"name": "DSA-2237",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2237"
},
{
"name": "RHSA-2011:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390"
},
{
"name": "44564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44564"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apache.org/dist/httpd/Announcement2.2.html"
},
{
"name": "SSRT100626",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "44490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cxib.net/stuff/apache.fnmatch.phps"
},
{
"name": "RHSA-2011:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "MDVSA-2011:084",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:084"
},
{
"name": "[dev] 20110510 Re: Apache Portable Runtime 1.4.4 [...] Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "RHSA-2011:0507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0507.html"
},
{
"name": "SUSE-SU-2011:1229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"
},
{
"name": "HPSBMU02704",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2"
},
{
"name": "SSRT100606",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2"
},
{
"name": "[dev] 20110510 Re: fnmatch rewrite in apr, apr 1.4.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-0419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44574"
},
{
"name": "HPSBUX02707",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2"
},
{
"name": "SSRT100966",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"name": "[dev] 20110511 Re: Apache Portable Runtime 1.4.4 [...] Released",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/dev@apr.apache.org/msg23976.html"
},
{
"name": "48308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48308"
},
{
"name": "20110512 Multiple Vendors libc/fnmatch(3) DoS (incl apache)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/98"
},
{
"name": "HPSBUX02702",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2"
},
{
"name": "HPSBOV02822",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"name": "SSRT100619",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14804",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22"
},
{
"name": "http://cxib.net/stuff/apr_fnmatch.txts",
"refsource": "MISC",
"url": "http://cxib.net/stuff/apr_fnmatch.txts"
},
{
"name": "oval:org.mitre.oval:def:14638",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638"
},
{
"name": "1025527",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025527"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098188",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098188"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15"
},
{
"name": "http://www.apache.org/dist/apr/CHANGES-APR-1.4",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/apr/CHANGES-APR-1.4"
},
{
"name": "http://www.apache.org/dist/apr/Announcement1.x.html",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098799",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1098799"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029\u0026r2=1098902",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029\u0026r2=1098902"
},
{
"name": "8246",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8246"
},
{
"name": "DSA-2237",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2237"
},
{
"name": "RHSA-2011:0897",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0897.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=703390",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390"
},
{
"name": "44564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44564"
},
{
"name": "http://www.apache.org/dist/httpd/Announcement2.2.html",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/Announcement2.2.html"
},
{
"name": "SSRT100626",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "44490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44490"
},
{
"name": "http://cxib.net/stuff/apache.fnmatch.phps",
"refsource": "MISC",
"url": "http://cxib.net/stuff/apache.fnmatch.phps"
},
{
"name": "RHSA-2011:0896",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "MDVSA-2011:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:084"
},
{
"name": "[dev] 20110510 Re: Apache Portable Runtime 1.4.4 [...] Released",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/dev@apr.apache.org/msg23961.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "RHSA-2011:0507",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0507.html"
},
{
"name": "SUSE-SU-2011:1229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"
},
{
"name": "HPSBMU02704",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2"
},
{
"name": "SSRT100606",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2"
},
{
"name": "[dev] 20110510 Re: fnmatch rewrite in apr, apr 1.4.3",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/dev@apr.apache.org/msg23960.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888222 - in /httpd/site/trunk/content/security/json: CVE-2010-2068.json CVE-2010-2791.json CVE-2011-0419.json CVE-2011-3368.json",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-0419",
"datePublished": "2011-05-16T17:00:00",
"dateReserved": "2011-01-11T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0708 (GCVE-0-2005-0708)
Vulnerability from cvelistv5
Published
2005-04-05 04:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-05:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-11T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-05:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:02",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0708",
"datePublished": "2005-04-05T04:00:00",
"dateReserved": "2005-03-11T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1882 (GCVE-0-2016-1882)
Vulnerability from cvelistv5
Published
2016-01-29 19:00
Modified
2024-08-05 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034677 | vdb-entry, x_refsource_SECTRACK | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034677"
},
{
"name": "FreeBSD-SA-16:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-29T18:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1034677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034677"
},
{
"name": "FreeBSD-SA-16:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034677",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034677"
},
{
"name": "FreeBSD-SA-16:05",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1882",
"datePublished": "2016-01-29T19:00:00",
"dateReserved": "2016-01-13T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29632 (GCVE-0-2021-29632)
Vulnerability from cvelistv5
Published
2022-01-18 16:51
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel out-of-bounds write condition
Summary
In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-22:01.vt.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220217-0004/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:01.vt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 13.0-RELEASE before p6, 12.2-RELEASE before p12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel out-of-bounds write condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T17:06:18",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:01.vt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 13.0-RELEASE before p6, 12.2-RELEASE before p12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel out-of-bounds write condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:01.vt.asc",
"refsource": "MISC",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:01.vt.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220217-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220217-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29632",
"datePublished": "2022-01-18T16:51:45",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5680 (GCVE-0-2006-5680)
Vulnerability from cvelistv5
Published
2006-11-09 00:00
Modified
2024-08-07 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1017199 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30137 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/22801 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/22723 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/20961 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:54.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017199"
},
{
"name": "freebsd-libarchive-file-dos(30137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30137"
},
{
"name": "22801",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22801"
},
{
"name": "22723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22723"
},
{
"name": "FreeBSD-SA-06:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc"
},
{
"name": "20961",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "1017199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017199"
},
{
"name": "freebsd-libarchive-file-dos(30137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30137"
},
{
"name": "22801",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22801"
},
{
"name": "22723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22723"
},
{
"name": "FreeBSD-SA-06:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc"
},
{
"name": "20961",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20961"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-5680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017199",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017199"
},
{
"name": "freebsd-libarchive-file-dos(30137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30137"
},
{
"name": "22801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22801"
},
{
"name": "22723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22723"
},
{
"name": "FreeBSD-SA-06:24",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:24.libarchive.asc"
},
{
"name": "20961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20961"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-5680",
"datePublished": "2006-11-09T00:00:00",
"dateReserved": "2006-11-03T00:00:00",
"dateUpdated": "2024-08-07T19:55:54.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0796 (GCVE-0-2001-0796)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7332 | vdb-entry, x_refsource_XF | |
| ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P | vendor-advisory, x_refsource_SGI | |
| http://www.freebsd.org/cgi/query-pr.cgi?pr=8990 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/3463 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:30:06.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "irix-igmp-dos(7332)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7332"
},
{
"name": "20011001-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=8990"
},
{
"name": "3463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "irix-igmp-dos(7332)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7332"
},
{
"name": "20011001-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=8990"
},
{
"name": "3463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "irix-igmp-dos(7332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7332"
},
{
"name": "20011001-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P"
},
{
"name": "http://www.freebsd.org/cgi/query-pr.cgi?pr=8990",
"refsource": "CONFIRM",
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=8990"
},
{
"name": "3463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0796",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-10-23T00:00:00",
"dateUpdated": "2024-08-08T04:30:06.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0554 (GCVE-0-2001-0554)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2001:413",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"name": "MDKSA-2001:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"name": "L-131",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"name": "SSRT0745U",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ",
"x_transferred"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"name": "telnetd-option-telrcv-bo(6875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"name": "809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/809"
},
{
"name": "MSS-OAR-E01-2001:298",
"tags": [
"vendor-advisory",
"x_refsource_IBM",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"name": "20010725 Telnetd AYT overflow scanner",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"name": "20010810 ADV/EXP: netkit \u003c=0.17 in.telnetd remote buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"name": "3064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3064"
},
{
"name": "RHSA-2001:100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"name": "SuSE-SA:2001:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"name": "CSSA-2001-SCO.10",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"name": "RHSA-2001:099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"name": "20020129 Cisco CatOS Telnet Buffer Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"name": "HPSBUX0110-172",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"name": "DSA-075",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"name": "20010718 multiple vendor telnet daemon vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"name": "CA-2001-21",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"name": "FreeBSD-SA-01:49",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"name": "CSSA-2001-030.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"name": "DSA-070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"name": "20010725 SCO - Telnetd AYT overflow ?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"name": "20010801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"name": "NetBSD-SA2001-012",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2001:413",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"name": "MDKSA-2001:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"name": "L-131",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"name": "SSRT0745U",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ"
],
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"name": "telnetd-option-telrcv-bo(6875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"name": "809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/809"
},
{
"name": "MSS-OAR-E01-2001:298",
"tags": [
"vendor-advisory",
"x_refsource_IBM"
],
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"name": "20010725 Telnetd AYT overflow scanner",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"name": "20010810 ADV/EXP: netkit \u003c=0.17 in.telnetd remote buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"name": "3064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3064"
},
{
"name": "RHSA-2001:100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"name": "SuSE-SA:2001:029",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"name": "CSSA-2001-SCO.10",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"name": "RHSA-2001:099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"name": "20020129 Cisco CatOS Telnet Buffer Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"name": "HPSBUX0110-172",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"name": "DSA-075",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"name": "20010718 multiple vendor telnet daemon vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"name": "CA-2001-21",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"name": "FreeBSD-SA-01:49",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"name": "CSSA-2001-030.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"name": "DSA-070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"name": "20010725 SCO - Telnetd AYT overflow ?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"name": "20010801-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"name": "NetBSD-SA2001-012",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2001:413",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000413"
},
{
"name": "MDKSA-2001:068",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3"
},
{
"name": "L-131",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-131.shtml"
},
{
"name": "SSRT0745U",
"refsource": "COMPAQ",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml"
},
{
"name": "telnetd-option-telrcv-bo(6875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6875"
},
{
"name": "809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/809"
},
{
"name": "MSS-OAR-E01-2001:298",
"refsource": "IBM",
"url": "http://online.securityfocus.com/advisories/3476"
},
{
"name": "20010725 Telnetd AYT overflow scanner",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/199496"
},
{
"name": "20010810 ADV/EXP: netkit \u003c=0.17 in.telnetd remote buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/203000"
},
{
"name": "3064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3064"
},
{
"name": "RHSA-2001:100",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-100.html"
},
{
"name": "SuSE-SA:2001:029",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html"
},
{
"name": "CSSA-2001-SCO.10",
"refsource": "CALDERA",
"url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt"
},
{
"name": "RHSA-2001:099",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-099.html"
},
{
"name": "20020129 Cisco CatOS Telnet Buffer Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml"
},
{
"name": "HPSBUX0110-172",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q4/0014.html"
},
{
"name": "DSA-075",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-075"
},
{
"name": "20010718 multiple vendor telnet daemon vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/197804"
},
{
"name": "CA-2001-21",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-21.html"
},
{
"name": "FreeBSD-SA-01:49",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc"
},
{
"name": "CSSA-2001-030.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt"
},
{
"name": "DSA-070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-070"
},
{
"name": "20010725 SCO - Telnetd AYT overflow ?",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/199541"
},
{
"name": "20010801-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P"
},
{
"name": "NetBSD-SA2001-012",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0554",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-07-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0343 (GCVE-0-2011-0343)
Vulnerability from cvelistv5
Published
2011-01-28 15:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/515955/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html | mailing-list, x_refsource_MLIST | |
| https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/45988 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "45988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "45988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491"
},
{
"name": "20110125 syslog-ng wrong file permission vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515955/100/0/threaded"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
},
{
"name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
},
{
"name": "45988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0343",
"datePublished": "2011-01-28T15:00:00",
"dateReserved": "2011-01-06T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8117 (GCVE-0-2014-8117)
Vulnerability from cvelistv5
Published
2014-12-17 19:00
Modified
2024-08-06 13:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2535-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2535-1"
},
{
"name": "71692",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71692"
},
{
"name": "61944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "FreeBSD-SA-14:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"name": "RHSA-2016:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name": "USN-2494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c"
},
{
"name": "1031344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031344"
},
{
"name": "62081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62081"
},
{
"name": "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q4/1056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2535-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2535-1"
},
{
"name": "71692",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71692"
},
{
"name": "61944",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61944"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "FreeBSD-SA-14:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"name": "RHSA-2016:0760",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name": "USN-2494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c"
},
{
"name": "1031344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031344"
},
{
"name": "62081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62081"
},
{
"name": "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q4/1056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2535-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2535-1"
},
{
"name": "71692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71692"
},
{
"name": "61944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61944"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "FreeBSD-SA-14:28",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"
},
{
"name": "RHSA-2016:0760",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"
},
{
"name": "USN-2494-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2494-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c"
},
{
"name": "1031344",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031344"
},
{
"name": "62081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62081"
},
{
"name": "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/1056"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0040.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0040.html"
},
{
"name": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8117",
"datePublished": "2014-12-17T19:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1148 (GCVE-0-2008-1148)
Vulnerability from cvelistv5
Published
2008-03-04 23:00
Modified
2024-08-07 08:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/487658 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41157 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/28819 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf | x_refsource_MISC | |
| http://www.securiteam.com/securityreviews/5PP0H0UNGW.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40329 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/27647 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "openbsd-add-weak-security(41157)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41157"
},
{
"name": "28819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name": "27647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka \"Algorithm A0\"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "openbsd-add-weak-security(41157)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41157"
},
{
"name": "28819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name": "27647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka \"Algorithm A0\"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "openbsd-add-weak-security(41157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41157"
},
{
"name": "28819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28819"
},
{
"name": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf",
"refsource": "MISC",
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"name": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name": "27647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1148",
"datePublished": "2008-03-04T23:00:00",
"dateReserved": "2008-03-04T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0380 (GCVE-0-2006-0380)
Vulnerability from cvelistv5
Published
2006-01-25 22:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://secunia.com/advisories/18599 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1015541 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/22731 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24340 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/16373 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-06:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
},
{
"name": "18599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18599"
},
{
"name": "1015541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015541"
},
{
"name": "22731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22731"
},
{
"name": "bsd-buffer-length-disclosure(24340)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24340"
},
{
"name": "16373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-06:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
},
{
"name": "18599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18599"
},
{
"name": "1015541",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015541"
},
{
"name": "22731",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22731"
},
{
"name": "bsd-buffer-length-disclosure(24340)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24340"
},
{
"name": "16373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-06:06",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc"
},
{
"name": "18599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18599"
},
{
"name": "1015541",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015541"
},
{
"name": "22731",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22731"
},
{
"name": "bsd-buffer-length-disclosure(24340)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24340"
},
{
"name": "16373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0380",
"datePublished": "2006-01-25T22:00:00",
"dateReserved": "2006-01-24T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0782 (GCVE-0-1999-0782)
Vulnerability from cvelistv5
Published
2000-04-25 04:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=91141486301691&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=91141486301691\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=91141486301691\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=91141486301691\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0782",
"datePublished": "2000-04-25T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0831 (GCVE-0-2002-0831)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/9774.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=102865142610126&w=2 | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/5405 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/5069 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freebsd-kqueue-dos(9774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9774.php"
},
{
"name": "FreeBSD-SA-02:37.kqueue",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102865142610126\u0026w=2"
},
{
"name": "5405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5405"
},
{
"name": "5069",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "freebsd-kqueue-dos(9774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9774.php"
},
{
"name": "FreeBSD-SA-02:37.kqueue",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102865142610126\u0026w=2"
},
{
"name": "5405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5405"
},
{
"name": "5069",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-kqueue-dos(9774)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9774.php"
},
{
"name": "FreeBSD-SA-02:37.kqueue",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=102865142610126\u0026w=2"
},
{
"name": "5405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5405"
},
{
"name": "5069",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0831",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-06T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9042 (GCVE-0-2016-9042)
Vulnerability from cvelistv5
Published
2018-06-04 20:00
Modified
2024-09-17 03:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
Summary
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Talos | Network Time Protocol |
Version: NTP 4.2.8p9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:09.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Time Protocol",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "NTP 4.2.8p9"
}
]
}
],
"datePublic": "2017-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:17:22",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-03-29T00:00:00",
"ID": "CVE-2016-9042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Time Protocol",
"version": {
"version_data": [
{
"version_value": "NTP 4.2.8p9"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
}
]
},
"impact": {
"cvss": {
"baseScore": 3.7,
"baseSeverity": "Low",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"name": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"name": "https://support.apple.com/kb/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT208144"
},
{
"name": "https://support.f5.com/csp/article/K39041624",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa147",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-9042",
"datePublished": "2018-06-04T20:00:00Z",
"dateReserved": "2016-10-26T00:00:00",
"dateUpdated": "2024-09-17T03:53:51.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7456 (GCVE-0-2020-7456)
Vulnerability from cvelistv5
Published
2020-06-09 18:44
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds Read/Write
Summary
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200625-0005/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.1-RELEASE before p6, 11.3-RELEASE before p10, and 11.4-RC2 before p1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read/Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T07:06:29",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.1-RELEASE before p6, 11.3-RELEASE before p10, and 11.4-RC2 before p1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read/Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200625-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7456",
"datePublished": "2020-06-09T18:44:58",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:48.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17158 (GCVE-0-2018-17158)
Vulnerability from cvelistv5
Published
2018-12-04 15:00
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel integer overflow
Summary
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106192 | vdb-entry, x_refsource_BID | |
| https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securitytracker.com/id/1042164 | vdb-entry, x_refsource_SECTRACK | |
| https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/ | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106192"
},
{
"name": "FreeBSD-SA-18:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
},
{
"name": "1042164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042164"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 11.2 before 11.2-RELEASE-p5"
}
]
}
],
"datePublic": "2018-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T10:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "106192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106192"
},
{
"name": "FreeBSD-SA-18:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
},
{
"name": "1042164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042164"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2018-17158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p5"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106192"
},
{
"name": "FreeBSD-SA-18:13",
"refsource": "FREEBSD",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
},
{
"name": "1042164",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042164"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-17158",
"datePublished": "2018-12-04T15:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1244 (GCVE-0-2001-1244)
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 04:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/195457 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6824 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/2997 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:07.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010708 Small TCP packets == very large overhead == DoS?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/195457"
},
{
"name": "tcp-mss-dos(6824)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6824"
},
{
"name": "2997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010708 Small TCP packets == very large overhead == DoS?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/195457"
},
{
"name": "tcp-mss-dos(6824)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6824"
},
{
"name": "2997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010708 Small TCP packets == very large overhead == DoS?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/195457"
},
{
"name": "tcp-mss-dos(6824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6824"
},
{
"name": "2997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1244",
"datePublished": "2002-05-03T04:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T04:51:07.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6760 (GCVE-0-2024-6760)
Vulnerability from cvelistv5
Published
2024-08-11 02:40
Modified
2024-10-29 19:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.
The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T14:13:46.479974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:41:19.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:47.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ktrace"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p3",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p9",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p5",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"datePublic": "2024-08-07T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.\n\nThe bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database."
}
],
"providerMetadata": {
"dateUpdated": "2024-08-11T02:40:03.814Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ktrace(2) fails to detach when executing a setuid binary",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-6760",
"datePublished": "2024-08-11T02:40:03.814Z",
"dateReserved": "2024-07-15T14:31:57.406Z",
"dateUpdated": "2024-10-29T19:41:19.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1155 (GCVE-0-2001-1155)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/5454 | vdb-entry, x_refsource_OSVDB | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5454"
},
{
"name": "FreeBSD-SA-01:56",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5454"
},
{
"name": "FreeBSD-SA-01:56",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5454",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5454"
},
{
"name": "FreeBSD-SA-01:56",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1155",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:07.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5603 (GCVE-0-2019-5603)
Vulnerability from cvelistv5
Published
2019-07-26 00:16
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel improper update of reference count
Summary
In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20190814-0003/ | x_refsource_CONFIRM | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://seclists.org/bugtraq/2019/Aug/35 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-19:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0003/"
},
{
"name": "FreeBSD-SA-19:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc"
},
{
"name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/35"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD before 12.0-RELEASE-p8"
},
{
"status": "affected",
"version": "before 11.3-RELEASE-p1"
},
{
"status": "affected",
"version": "and before 11.2-RELEASE-p12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel improper update of reference count",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T22:06:06",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-19:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0003/"
},
{
"name": "FreeBSD-SA-19:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc"
},
{
"name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/35"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD before 12.0-RELEASE-p8"
},
{
"version_value": "before 11.3-RELEASE-p1"
},
{
"version_value": "and before 11.2-RELEASE-p12"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel improper update of reference count"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-19:15",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:15.mqueuefs.asc"
},
{
"name": "http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153752/FreeBSD-Security-Advisory-FreeBSD-SA-19-15.mqueuefs.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190814-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190814-0003/"
},
{
"name": "FreeBSD-SA-19:24",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:24.mqueuefs.asc"
},
{
"name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/35"
},
{
"name": "http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154172/FreeBSD-Security-Advisory-FreeBSD-SA-19-24.mqueuefs.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5603",
"datePublished": "2019-07-26T00:16:10",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3873 (GCVE-0-2014-3873)
Vulnerability from cvelistv5
Published
2014-06-10 14:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67812 | vdb-entry, x_refsource_BID | |
| http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securitytracker.com/id/1030325 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/58627 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67812"
},
{
"name": "FreeBSD-SA-14:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc"
},
{
"name": "1030325",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030325"
},
{
"name": "58627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58627"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-10T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "67812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67812"
},
{
"name": "FreeBSD-SA-14:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc"
},
{
"name": "1030325",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030325"
},
{
"name": "58627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58627"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67812"
},
{
"name": "FreeBSD-SA-14:12",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A12.ktrace.asc"
},
{
"name": "1030325",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030325"
},
{
"name": "58627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58627"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3873",
"datePublished": "2014-06-10T14:00:00",
"dateReserved": "2014-05-27T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7589 (GCVE-0-2024-7589)
Vulnerability from cvelistv5
Published
2024-08-11 03:15
Modified
2024-08-16 17:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.
This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.
As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2006-5051 | related | |
| https://www.cve.org/CVERecord?id=CVE-2024-6387 | related |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "13.3_release_p5",
"status": "affected",
"version": "13.3",
"versionType": "custom"
},
{
"lessThan": "14.0_release_p9",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "14.1_release_p3",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-7589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T13:50:54.668346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-364",
"description": "CWE-364 Signal Handler Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T15:27:57.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:48.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"openssh"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p3",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p9",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p5",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"datePublic": "2024-08-07T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)\u0027s privileged code, which is not sandboxed and runs with full root privileges.\n\nThis issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.\n\nAs a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root."
}
],
"providerMetadata": {
"dateUpdated": "2024-08-11T03:15:52.181Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:08.openssh.asc"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenSSH pre-authentication async signal safety issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-7589",
"datePublished": "2024-08-11T03:15:52.181Z",
"dateReserved": "2024-08-07T13:25:09.753Z",
"dateUpdated": "2024-08-16T17:02:48.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5675 (GCVE-0-2015-5675)
Vulnerability from cvelistv5
Published
2017-10-10 16:00
Modified
2024-08-06 06:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/76485 | vdb-entry, x_refsource_BID | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securitytracker.com/id/1033376 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/536321/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:03.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76485"
},
{
"name": "FreeBSD-SA-15:21",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc"
},
{
"name": "1033376",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033376"
},
{
"name": "20150825 FreeBSD Security Advisory FreeBSD-SA-15:21.amd64",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536321/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "76485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76485"
},
{
"name": "FreeBSD-SA-15:21",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc"
},
{
"name": "1033376",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033376"
},
{
"name": "20150825 FreeBSD Security Advisory FreeBSD-SA-15:21.amd64",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536321/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76485"
},
{
"name": "FreeBSD-SA-15:21",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc"
},
{
"name": "1033376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033376"
},
{
"name": "20150825 FreeBSD Security Advisory FreeBSD-SA-15:21.amd64",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536321/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5675",
"datePublished": "2017-10-10T16:00:00",
"dateReserved": "2015-07-26T00:00:00",
"dateUpdated": "2024-08-06T06:59:03.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1301 (GCVE-0-1999-1301)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-01 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.iss.net/security_center/static/7540.php | vdb-entry, x_refsource_XF | |
| http://ciac.llnl.gov/ciac/bulletins/g-31.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:01.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-96:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc"
},
{
"name": "rzsz-command-execution(7540)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7540.php"
},
{
"name": "G-31",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/g-31.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-96:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc"
},
{
"name": "rzsz-command-execution(7540)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7540.php"
},
{
"name": "G-31",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/g-31.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-96:17",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc"
},
{
"name": "rzsz-command-execution(7540)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7540.php"
},
{
"name": "G-31",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/g-31.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1301",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:01.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3014 (GCVE-0-2010-3014)
Vulnerability from cvelistv5
Published
2010-08-20 19:00
Modified
2024-08-07 02:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15&r2=1.16&only_with_tag=MAIN | x_refsource_CONFIRM | |
| http://www.vsecurity.com/resources/advisory/20100816-1/ | x_refsource_MISC | |
| http://svn.freebsd.org/viewvc/base?view=revision&revision=210997 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/513151/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15\u0026r2=1.16\u0026only_with_tag=MAIN"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vsecurity.com/resources/advisory/20100816-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.freebsd.org/viewvc/base?view=revision\u0026revision=210997"
},
{
"name": "20100816 CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513151/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15\u0026r2=1.16\u0026only_with_tag=MAIN"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vsecurity.com/resources/advisory/20100816-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.freebsd.org/viewvc/base?view=revision\u0026revision=210997"
},
{
"name": "20100816 CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513151/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15\u0026r2=1.16\u0026only_with_tag=MAIN",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/coda/coda.h.diff?r1=1.15\u0026r2=1.16\u0026only_with_tag=MAIN"
},
{
"name": "http://www.vsecurity.com/resources/advisory/20100816-1/",
"refsource": "MISC",
"url": "http://www.vsecurity.com/resources/advisory/20100816-1/"
},
{
"name": "http://svn.freebsd.org/viewvc/base?view=revision\u0026revision=210997",
"refsource": "CONFIRM",
"url": "http://svn.freebsd.org/viewvc/base?view=revision\u0026revision=210997"
},
{
"name": "20100816 CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513151/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3014",
"datePublished": "2010-08-20T19:00:00",
"dateReserved": "2010-08-16T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0015 (GCVE-0-2003-0015)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2003:012",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:012",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-012.html"
},
{
"name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14",
"refsource": "CONFIRM",
"url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51\u0026JServSessionIdservlets=5of2iuhr14"
},
{
"name": "20030124 Test program for CVS double-free.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104342550612736\u0026w=2"
},
{
"name": "MDKSA-2003:009",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009"
},
{
"name": "FreeBSD-SA-03:01",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=104438807203491\u0026w=2"
},
{
"name": "6650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6650"
},
{
"name": "cvs-doublefree-memory-corruption(11108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108"
},
{
"name": "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104333092200589\u0026w=2"
},
{
"name": "RHSA-2003:013",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2003-013.html"
},
{
"name": "20030202 Exploit for CVS double free() for Linux pserver",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104428571204468\u0026w=2"
},
{
"name": "DSA-233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-233"
},
{
"name": "VU#650937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/650937"
},
{
"name": "http://security.e-matters.de/advisories/012003.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/012003.html"
},
{
"name": "CA-2003-02",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-02.html"
},
{
"name": "N-032",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-032.shtml"
},
{
"name": "20030120 Advisory 01/2003: CVS remote vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0015",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-01-07T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0890 (GCVE-0-2000-0890)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2325 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/1754 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6047 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/626919 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2325"
},
{
"name": "1754",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1754"
},
{
"name": "periodic-temp-file-symlink(6047)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6047"
},
{
"name": "VU#626919",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/626919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2325"
},
{
"name": "1754",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1754"
},
{
"name": "periodic-temp-file-symlink(6047)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6047"
},
{
"name": "VU#626919",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/626919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2325"
},
{
"name": "1754",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1754"
},
{
"name": "periodic-temp-file-symlink(6047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6047"
},
{
"name": "VU#626919",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/626919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0890",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2000-11-14T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1471 (GCVE-0-2004-1471)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.e-matters.de/advisories/092004.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/10499 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16365 | vdb-entry, x_refsource_XF | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.e-matters.de/advisories/092004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/092004.html"
},
{
"name": "10499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10499"
},
{
"name": "FreeBSD-SA-04:14",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc"
},
{
"name": "cvs-wrapper-format-string(16365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16365"
},
{
"name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1471",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24717 (GCVE-0-2020-24717)
Vulnerability from cvelistv5
Published
2020-08-27 18:03
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jira.ixsystems.com/browse/NAS-107270 | x_refsource_MISC | |
| https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f | x_refsource_MISC | |
| https://reviews.freebsd.org/D26107 | x_refsource_MISC | |
| https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.ixsystems.com/browse/NAS-107270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://reviews.freebsd.org/D26107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T18:03:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.ixsystems.com/browse/NAS-107270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://reviews.freebsd.org/D26107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.ixsystems.com/browse/NAS-107270",
"refsource": "MISC",
"url": "https://jira.ixsystems.com/browse/NAS-107270"
},
{
"name": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f",
"refsource": "MISC",
"url": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f"
},
{
"name": "https://reviews.freebsd.org/D26107",
"refsource": "MISC",
"url": "https://reviews.freebsd.org/D26107"
},
{
"name": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1",
"refsource": "MISC",
"url": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24717",
"datePublished": "2020-08-27T18:03:21",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1883 (GCVE-0-2016-1883)
Vulnerability from cvelistv5
Published
2017-02-15 15:00
Modified
2024-08-05 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034872 | vdb-entry, x_refsource_SECTRACK | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034872",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034872"
},
{
"name": "FreeBSD-SA-16:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-15T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1034872",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034872"
},
{
"name": "FreeBSD-SA-16:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034872"
},
{
"name": "FreeBSD-SA-16:10",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1883",
"datePublished": "2017-02-15T15:00:00",
"dateReserved": "2016-01-13T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32668 (GCVE-0-2024-32668)
Vulnerability from cvelistv5
Published
2024-09-05 04:42
Modified
2024-09-20 16:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.
A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:09:07.350550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:09:38.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-20T16:03:06.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240920-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"bhyve"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-09-04T23:37:20.000Z",
"descriptions": [
{
"lang": "en",
"value": "An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.\n\nA malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T04:42:25.457Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc"
}
],
"title": "bhyve(8) privileged guest escape via USB controller"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-32668",
"datePublished": "2024-09-05T04:42:25.457Z",
"dateReserved": "2024-08-27T16:30:56.016Z",
"dateUpdated": "2024-09-20T16:03:06.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1036 (GCVE-0-2005-1036)
Vulnerability from cvelistv5
Published
2005-04-10 04:00
Modified
2024-09-16 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-05:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-10T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-05:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:03",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1036",
"datePublished": "2005-04-10T04:00:00Z",
"dateReserved": "2005-04-10T00:00:00Z",
"dateUpdated": "2024-09-16T18:24:18.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4304 (GCVE-0-2006-4304)
Vulnerability from cvelistv5
Published
2006-08-24 00:00
Modified
2024-08-07 19:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch | x_refsource_MISC | |
| http://www.securityfocus.com/bid/19684 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28562 | vdb-entry, x_refsource_XF | |
| http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.openbsd.org/errata38.html#sppp | vendor-advisory, x_refsource_OPENBSD | |
| http://secunia.com/advisories/21731 | third-party-advisory, x_refsource_SECUNIA | |
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| http://securitytracker.com/id?1016745 | vdb-entry, x_refsource_SECTRACK | |
| http://www.openbsd.org/errata.html#sppp | vendor-advisory, x_refsource_OPENBSD | |
| http://secunia.com/advisories/21587 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch"
},
{
"name": "19684",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19684"
},
{
"name": "sppp4-lcp-bo(28562)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562"
},
{
"name": "FreeBSD-SA-06:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc"
},
{
"name": "[3.8] 20060902 014: SECURITY FIX: September 2, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata38.html#sppp"
},
{
"name": "21731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21731"
},
{
"name": "NetBSD-SA2006-019",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc"
},
{
"name": "1016745",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016745"
},
{
"name": "[3.9] 20060902 009: SECURITY FIX: September 2, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata.html#sppp"
},
{
"name": "21587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch"
},
{
"name": "19684",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19684"
},
{
"name": "sppp4-lcp-bo(28562)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562"
},
{
"name": "FreeBSD-SA-06:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc"
},
{
"name": "[3.8] 20060902 014: SECURITY FIX: September 2, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata38.html#sppp"
},
{
"name": "21731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21731"
},
{
"name": "NetBSD-SA2006-019",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc"
},
{
"name": "1016745",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016745"
},
{
"name": "[3.9] 20060902 009: SECURITY FIX: September 2, 2006",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata.html#sppp"
},
{
"name": "21587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21587"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch",
"refsource": "MISC",
"url": "http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch"
},
{
"name": "19684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19684"
},
{
"name": "sppp4-lcp-bo(28562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28562"
},
{
"name": "FreeBSD-SA-06:08",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc"
},
{
"name": "[3.8] 20060902 014: SECURITY FIX: September 2, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata38.html#sppp"
},
{
"name": "21731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21731"
},
{
"name": "NetBSD-SA2006-019",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc"
},
{
"name": "1016745",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016745"
},
{
"name": "[3.9] 20060902 009: SECURITY FIX: September 2, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#sppp"
},
{
"name": "21587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21587"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4304",
"datePublished": "2006-08-24T00:00:00",
"dateReserved": "2006-08-22T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7252 (GCVE-0-2006-7252)
Vulnerability from cvelistv5
Published
2012-07-25 19:00
Modified
2024-09-16 23:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
References
| ▼ | URL | Tags |
|---|---|---|
| http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/ | x_refsource_MISC | |
| http://svnweb.freebsd.org/base?view=revision&revision=161263 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=161263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=161263"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/",
"refsource": "MISC",
"url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"
},
{
"name": "http://svnweb.freebsd.org/base?view=revision\u0026revision=161263",
"refsource": "CONFIRM",
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=161263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7252",
"datePublished": "2012-07-25T19:00:00Z",
"dateReserved": "2012-07-25T00:00:00Z",
"dateUpdated": "2024-09-16T23:06:20.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1739 (GCVE-0-2011-1739)
Vulnerability from cvelistv5
Published
2011-05-03 20:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2011/1076 | vdb-entry, x_refsource_VUPEN | |
| http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/47517 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66981 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1025425 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/44307 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1076"
},
{
"name": "FreeBSD-SA-11:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc"
},
{
"name": "47517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47517"
},
{
"name": "freebsd-mountd-security-bypass(66981)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66981"
},
{
"name": "1025425",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025425"
},
{
"name": "44307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "ADV-2011-1076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1076"
},
{
"name": "FreeBSD-SA-11:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc"
},
{
"name": "47517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47517"
},
{
"name": "freebsd-mountd-security-bypass(66981)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66981"
},
{
"name": "1025425",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025425"
},
{
"name": "44307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44307"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2011-1739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-1076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1076"
},
{
"name": "FreeBSD-SA-11:01",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc"
},
{
"name": "47517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47517"
},
{
"name": "freebsd-mountd-security-bypass(66981)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66981"
},
{
"name": "1025425",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025425"
},
{
"name": "44307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44307"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2011-1739",
"datePublished": "2011-05-03T20:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0322 (GCVE-0-1999-0322)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The open() function in FreeBSD allows local attackers to write to arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6092 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The open() function in FreeBSD allows local attackers to write to arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The open() function in FreeBSD allows local attackers to write to arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6092",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0322",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:34:51.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1087 (GCVE-0-2017-1087)
Vulnerability from cvelistv5
Published
2017-11-16 20:00
Modified
2024-09-16 23:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege escalation
Summary
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101867 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039810 | vdb-entry, x_refsource_SECTRACK | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101867"
},
{
"name": "1039810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039810"
},
{
"name": "FreeBSD-SA-17:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 10.x"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T10:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "101867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101867"
},
{
"name": "1039810",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039810"
},
{
"name": "FreeBSD-SA-17:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 10.x"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101867"
},
{
"name": "1039810",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039810"
},
{
"name": "FreeBSD-SA-17:09",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2017-1087",
"datePublished": "2017-11-16T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:11:12.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2427 (GCVE-0-2008-2427)
Vulnerability from cvelistv5
Published
2008-06-24 19:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1897 | vdb-entry, x_refsource_VUPEN | |
| http://www.vupen.com/english/advisories/2008/1896 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30789 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/secunia_research/2008-24/advisory/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/29851 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1020340 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/493505/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/3956 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/30416 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.exploit-db.com/exploits/5951 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-1897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1897"
},
{
"name": "ADV-2008-1896",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1896"
},
{
"name": "30789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-24/advisory/"
},
{
"name": "29851",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29851"
},
{
"name": "1020340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020340"
},
{
"name": "20080620 Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493505/100/0/threaded"
},
{
"name": "3956",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3956"
},
{
"name": "30416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30416"
},
{
"name": "5951",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "ADV-2008-1897",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1897"
},
{
"name": "ADV-2008-1896",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1896"
},
{
"name": "30789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-24/advisory/"
},
{
"name": "29851",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29851"
},
{
"name": "1020340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020340"
},
{
"name": "20080620 Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493505/100/0/threaded"
},
{
"name": "3956",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3956"
},
{
"name": "30416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30416"
},
{
"name": "5951",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1897",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1897"
},
{
"name": "ADV-2008-1896",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1896"
},
{
"name": "30789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30789"
},
{
"name": "http://secunia.com/secunia_research/2008-24/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-24/advisory/"
},
{
"name": "29851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29851"
},
{
"name": "1020340",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020340"
},
{
"name": "20080620 Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493505/100/0/threaded"
},
{
"name": "3956",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3956"
},
{
"name": "30416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30416"
},
{
"name": "5951",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-2427",
"datePublished": "2008-06-24T19:00:00",
"dateReserved": "2008-05-27T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0916 (GCVE-0-2000-0916)
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/1766 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:52",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc"
},
{
"name": "1766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-05-08T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:52",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc"
},
{
"name": "1766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:52",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc"
},
{
"name": "1766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0916",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4851 (GCVE-0-2013-4851)
Vulnerability from cvelistv5
Published
2013-07-28 18:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://svnweb.freebsd.org/base?view=revision&revision=244226 | x_refsource_CONFIRM | |
| http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/61484 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=244226"
},
{
"name": "FreeBSD-SA-13:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc"
},
{
"name": "61484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=244226"
},
{
"name": "FreeBSD-SA-13:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc"
},
{
"name": "61484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svnweb.freebsd.org/base?view=revision\u0026revision=244226",
"refsource": "CONFIRM",
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=244226"
},
{
"name": "FreeBSD-SA-13:08",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:08.nfsserver.asc"
},
{
"name": "61484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4851",
"datePublished": "2013-07-28T18:00:00",
"dateReserved": "2013-07-16T00:00:00",
"dateUpdated": "2024-08-06T16:59:40.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1400 (GCVE-0-2005-1400)
Vulnerability from cvelistv5
Published
2005-05-06 04:00
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:49.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-05:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-06T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-05:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1400",
"datePublished": "2005-05-06T04:00:00Z",
"dateReserved": "2005-05-03T00:00:00Z",
"dateUpdated": "2024-09-16T18:33:52.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2242 (GCVE-0-2007-2242)
Vulnerability from cvelistv5
Published
2007-04-25 16:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-07:03.ipv6",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc"
},
{
"name": "24978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24978"
},
{
"name": "26703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26703"
},
{
"name": "RHSA-2007:0347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0347.html"
},
{
"name": "25770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25770"
},
{
"name": "26664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "20070508 FLEA-2007-0016-1: kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467939/30/6690/threaded"
},
{
"name": "28806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28806"
},
{
"name": "23615",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23615"
},
{
"name": "oval:org.mitre.oval:def:9574",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306375"
},
{
"name": "26651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26651"
},
{
"name": "[3.9] 20070423 022: SECURITY FIX: April 23, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://openbsd.org/errata39.html#022_route6"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "MDKSA-2007:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf"
},
{
"name": "1017949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017949"
},
{
"name": "[4.0] 20070423 012: SECURITY FIX: April 23, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://openbsd.org/errata40.html#012_route6"
},
{
"name": "25288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25288"
},
{
"name": "ADV-2007-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1563"
},
{
"name": "25083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25083"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "ADV-2007-2270",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2270"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "20070615 rPSA-2007-0124-1 kernel xen",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471457"
},
{
"name": "25068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25068"
},
{
"name": "SUSE-SA:2008:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name": "VU#267289",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/267289"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "USN-508-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-508-1"
},
{
"name": "ADV-2007-3050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3050"
},
{
"name": "25691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1310"
},
{
"name": "25033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25033"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305712"
},
{
"name": "openbsd-ipv6-type0-dos(33851)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33851"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-07:03.ipv6",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc"
},
{
"name": "24978",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24978"
},
{
"name": "26703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26703"
},
{
"name": "RHSA-2007:0347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0347.html"
},
{
"name": "25770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25770"
},
{
"name": "26664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "20070508 FLEA-2007-0016-1: kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467939/30/6690/threaded"
},
{
"name": "28806",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28806"
},
{
"name": "23615",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23615"
},
{
"name": "oval:org.mitre.oval:def:9574",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306375"
},
{
"name": "26651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26651"
},
{
"name": "[3.9] 20070423 022: SECURITY FIX: April 23, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://openbsd.org/errata39.html#022_route6"
},
{
"name": "MDKSA-2007:171",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "MDKSA-2007:216",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf"
},
{
"name": "1017949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017949"
},
{
"name": "[4.0] 20070423 012: SECURITY FIX: April 23, 2007",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://openbsd.org/errata40.html#012_route6"
},
{
"name": "25288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25288"
},
{
"name": "ADV-2007-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1563"
},
{
"name": "25083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25083"
},
{
"name": "26620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26620"
},
{
"name": "ADV-2007-2270",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2270"
},
{
"name": "MDKSA-2007:196",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "20070615 rPSA-2007-0124-1 kernel xen",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471457"
},
{
"name": "25068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25068"
},
{
"name": "SUSE-SA:2008:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name": "VU#267289",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/267289"
},
{
"name": "USN-486-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "USN-508-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-508-1"
},
{
"name": "ADV-2007-3050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3050"
},
{
"name": "25691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1310"
},
{
"name": "25033",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25033"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305712"
},
{
"name": "openbsd-ipv6-type0-dos(33851)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33851"
},
{
"name": "26133",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-07:03.ipv6",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc"
},
{
"name": "24978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24978"
},
{
"name": "26703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26703"
},
{
"name": "RHSA-2007:0347",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0347.html"
},
{
"name": "25770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25770"
},
{
"name": "26664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "20070508 FLEA-2007-0016-1: kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467939/30/6690/threaded"
},
{
"name": "28806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28806"
},
{
"name": "23615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23615"
},
{
"name": "oval:org.mitre.oval:def:9574",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306375",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306375"
},
{
"name": "26651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26651"
},
{
"name": "[3.9] 20070423 022: SECURITY FIX: April 23, 2007",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata39.html#022_route6"
},
{
"name": "MDKSA-2007:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "MDKSA-2007:216",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf",
"refsource": "MISC",
"url": "http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf"
},
{
"name": "1017949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017949"
},
{
"name": "[4.0] 20070423 012: SECURITY FIX: April 23, 2007",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata40.html#012_route6"
},
{
"name": "25288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25288"
},
{
"name": "ADV-2007-1563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1563"
},
{
"name": "25083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25083"
},
{
"name": "26620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26620"
},
{
"name": "ADV-2007-2270",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2270"
},
{
"name": "MDKSA-2007:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "20070615 rPSA-2007-0124-1 kernel xen",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471457"
},
{
"name": "25068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25068"
},
{
"name": "SUSE-SA:2008:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name": "VU#267289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/267289"
},
{
"name": "USN-486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "USN-508-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-508-1"
},
{
"name": "ADV-2007-3050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3050"
},
{
"name": "25691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25691"
},
{
"name": "https://issues.rpath.com/browse/RPL-1310",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1310"
},
{
"name": "25033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25033"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305712",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305712"
},
{
"name": "openbsd-ipv6-type0-dos(33851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33851"
},
{
"name": "26133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2242",
"datePublished": "2007-04-25T16:00:00",
"dateReserved": "2007-04-25T00:00:00",
"dateUpdated": "2024-08-07T13:33:27.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3077 (GCVE-0-2013-3077)
Vulnerability from cvelistv5
Published
2013-08-28 10:00
Modified
2024-09-16 23:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://svnweb.freebsd.org/base?view=revision&revision=254629 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-13:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=254629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-28T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-13:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=254629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-13:09",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.asc"
},
{
"name": "http://svnweb.freebsd.org/base?view=revision\u0026revision=254629",
"refsource": "CONFIRM",
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=254629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3077",
"datePublished": "2013-08-28T10:00:00Z",
"dateReserved": "2013-04-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:51:09.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0826 (GCVE-0-1999-0826)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in FreeBSD angband allows local users to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/1151 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/840 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1151",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1151"
},
{
"name": "840",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FreeBSD angband allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1151",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1151"
},
{
"name": "840",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/840"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FreeBSD angband allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1151",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1151"
},
{
"name": "840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/840"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0826",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "1999-12-07T00:00:00",
"dateUpdated": "2024-08-01T16:48:38.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1147 (GCVE-0-2008-1147)
Vulnerability from cvelistv5
Published
2008-03-04 23:00
Modified
2024-08-07 08:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41155 | vdb-entry, x_refsource_XF | |
| http://seclists.org/bugtraq/2008/Feb/0063.html | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/bugtraq/2008/Feb/0052.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/487658 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/28819 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf | x_refsource_MISC | |
| http://www.securiteam.com/securityreviews/5PP0H0UNGW.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40329 | vdb-entry, x_refsource_XF | |
| http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10%3Bcontenttype= | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/27647 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openbsd-xor-weak-security(41155)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41155"
},
{
"name": "20080206 RE: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2008/Feb/0063.html"
},
{
"name": "20080206 Re: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2008/Feb/0052.html"
},
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "28819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10%3Bcontenttype="
},
{
"name": "27647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka \"Algorithm X2\"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openbsd-xor-weak-security(41155)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41155"
},
{
"name": "20080206 RE: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2008/Feb/0063.html"
},
{
"name": "20080206 Re: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2008/Feb/0052.html"
},
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "28819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10%3Bcontenttype="
},
{
"name": "27647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka \"Algorithm X2\"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openbsd-xor-weak-security(41155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41155"
},
{
"name": "20080206 RE: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2008/Feb/0063.html"
},
{
"name": "20080206 Re: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2008/Feb/0052.html"
},
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "28819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28819"
},
{
"name": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf",
"refsource": "MISC",
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"name": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype=",
"refsource": "CONFIRM",
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype="
},
{
"name": "27647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1147",
"datePublished": "2008-03-04T23:00:00",
"dateReserved": "2008-03-04T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0196 (GCVE-0-2001-0196)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6052 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/1753 | vdb-entry, x_refsource_OSVDB | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/2324 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:06.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inetd-ident-read-files(6052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6052"
},
{
"name": "1753",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1753"
},
{
"name": "FreeBSD-SA-01:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc"
},
{
"name": "2324",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "inetd-ident-read-files(6052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6052"
},
{
"name": "1753",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1753"
},
{
"name": "FreeBSD-SA-01:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc"
},
{
"name": "2324",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inetd-ident-read-files(6052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6052"
},
{
"name": "1753",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1753"
},
{
"name": "FreeBSD-SA-01:11",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc"
},
{
"name": "2324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0196",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-03-08T00:00:00",
"dateUpdated": "2024-08-08T04:14:06.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13086 (GCVE-0-2017-13086)
Vulnerability from cvelistv5
Published
2017-10-17 13:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-323 - Reusing a Nonce, Key Pair in Encryption
Summary
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wi-Fi Alliance | Wi-Fi Protected Access (WPA and WPA2) |
Version: WPA Version: WPA2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"name": "DSA-3999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name": "1039578",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039578"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krackattacks.com/"
},
{
"name": "1039573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "1039576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi Protected Access (WPA and WPA2)",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"status": "affected",
"version": "WPA"
},
{
"status": "affected",
"version": "WPA2"
}
]
}
],
"datePublic": "2017-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-16T13:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"name": "DSA-3999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name": "1039578",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039578"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krackattacks.com/"
},
{
"name": "1039573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "1039576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi Protected Access (WPA and WPA2)",
"version": {
"version_data": [
{
"version_value": "WPA"
},
{
"version_value": "WPA2"
}
]
}
}
]
},
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039581",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"name": "DSA-3999",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name": "1039578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039578"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/kracks",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt",
"refsource": "MISC",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039577"
},
{
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-17420",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"name": "https://www.krackattacks.com/",
"refsource": "MISC",
"url": "https://www.krackattacks.com/"
},
{
"name": "1039573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "1039576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name": "VU#228519",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2017-005",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13086",
"datePublished": "2017-10-17T13:00:00",
"dateReserved": "2017-08-22T00:00:00",
"dateUpdated": "2024-08-05T18:58:12.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29937 (GCVE-0-2024-29937)
Vulnerability from cvelistv5
Published
2024-03-21 00:00
Modified
2025-03-13 15:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.signedness.org/t2.fi.2024/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=i_JOkHaCdzk"
},
{
"tags": [
"x_transferred"
],
"url": "https://t2.fi/schedule/2024/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39778203"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openbsd",
"vendor": "openbsd",
"versions": [
{
"lessThan": "7.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-21T01:37:05.415426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T15:58:21.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T17:52:56.124Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.signedness.org/t2.fi.2024/"
},
{
"url": "https://www.youtube.com/watch?v=i_JOkHaCdzk"
},
{
"url": "https://t2.fi/schedule/2024/"
},
{
"url": "https://news.ycombinator.com/item?id=39778203"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29937",
"datePublished": "2024-03-21T00:00:00.000Z",
"dateReserved": "2024-03-21T00:00:00.000Z",
"dateUpdated": "2025-03-13T15:58:21.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7451 (GCVE-0-2020-7451)
Vulnerability from cvelistv5
Published
2020-04-28 19:11
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper initialization
Summary
In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, 11.3-RELEASE before 11.3-RELEASE-p7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper initialization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T19:11:42",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, 11.3-RELEASE before 11.3-RELEASE-p7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7451",
"datePublished": "2020-04-28T19:11:42",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:48.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0131 (GCVE-0-1999-0131)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/717 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0131",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17159 (GCVE-0-2018-17159)
Vulnerability from cvelistv5
Published
2018-12-04 15:00
Modified
2024-08-05 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel improper bounds checking
Summary
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106192 | vdb-entry, x_refsource_BID | |
| https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securitytracker.com/id/1042164 | vdb-entry, x_refsource_SECTRACK | |
| https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/ | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106192"
},
{
"name": "FreeBSD-SA-18:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
},
{
"name": "1042164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042164"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 11.2 before 11.2-RELEASE-p5"
}
]
}
],
"datePublic": "2018-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel improper bounds checking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-13T10:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "106192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106192"
},
{
"name": "FreeBSD-SA-18:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
},
{
"name": "1042164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042164"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2018-17159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p5"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel improper bounds checking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106192"
},
{
"name": "FreeBSD-SA-18:13",
"refsource": "FREEBSD",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
},
{
"name": "1042164",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042164"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-17159",
"datePublished": "2018-12-04T15:00:00",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32264 (GCVE-0-2022-32264)
Vulnerability from cvelistv5
Published
2022-09-06 17:49
Modified
2025-06-17 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN20930118/ | x_refsource_MISC | |
| https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:50.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN20930118/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:24:03.398377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:29:40.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:49:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN20930118/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN20930118/",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN20930118/"
},
{
"name": "https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7",
"refsource": "MISC",
"url": "https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32264",
"datePublished": "2022-09-06T17:49:31.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-06-17T19:29:40.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1453 (GCVE-0-2014-1453)
Vulnerability from cvelistv5
Published
2014-04-16 18:00
Modified
2024-08-06 09:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/66726 | vdb-entry, x_refsource_BID | |
| http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.debian.org/security/2014/dsa-2952 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/57760 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/59034 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1030041 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "66726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66726"
},
{
"name": "FreeBSD-SA-14:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
},
{
"name": "DSA-2952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2952"
},
{
"name": "57760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57760"
},
{
"name": "59034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59034"
},
{
"name": "1030041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "66726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66726"
},
{
"name": "FreeBSD-SA-14:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
},
{
"name": "DSA-2952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2952"
},
{
"name": "57760",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57760"
},
{
"name": "59034",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59034"
},
{
"name": "1030041",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66726"
},
{
"name": "FreeBSD-SA-14:05",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc"
},
{
"name": "DSA-2952",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2952"
},
{
"name": "57760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57760"
},
{
"name": "59034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59034"
},
{
"name": "1030041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1453",
"datePublished": "2014-04-16T18:00:00",
"dateReserved": "2014-01-14T00:00:00",
"dateUpdated": "2024-08-06T09:42:35.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1220 (GCVE-0-2002-1220)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:449",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449"
},
{
"name": "DSA-196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-196"
},
{
"name": "SSRT2408",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/4999"
},
{
"name": "20021118 TSLSA-2002-0076 - bind",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103763574715133\u0026w=2"
},
{
"name": "VU#229595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/229595"
},
{
"name": "bind-opt-rr-dos(10332)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10332"
},
{
"name": "6161",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6161"
},
{
"name": "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/300019"
},
{
"name": "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 \u0026 8]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103713117612842\u0026w=2"
},
{
"name": "N-013",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
},
{
"name": "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"name": "MDKSA-2002:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-31",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:449",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449"
},
{
"name": "DSA-196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-196"
},
{
"name": "SSRT2408",
"tags": [
"vendor-advisory",
"x_refsource_COMPAQ"
],
"url": "http://online.securityfocus.com/advisories/4999"
},
{
"name": "20021118 TSLSA-2002-0076 - bind",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103763574715133\u0026w=2"
},
{
"name": "VU#229595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/229595"
},
{
"name": "bind-opt-rr-dos(10332)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10332"
},
{
"name": "6161",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6161"
},
{
"name": "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/300019"
},
{
"name": "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 \u0026 8]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103713117612842\u0026w=2"
},
{
"name": "N-013",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
},
{
"name": "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"name": "MDKSA-2002:077",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-31",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-31.html"
},
{
"name": "http://www.isc.org/products/BIND/bind-security.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:449",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449"
},
{
"name": "DSA-196",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-196"
},
{
"name": "SSRT2408",
"refsource": "COMPAQ",
"url": "http://online.securityfocus.com/advisories/4999"
},
{
"name": "20021118 TSLSA-2002-0076 - bind",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103763574715133\u0026w=2"
},
{
"name": "VU#229595",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/229595"
},
{
"name": "bind-opt-rr-dos(10332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10332"
},
{
"name": "6161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6161"
},
{
"name": "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/300019"
},
{
"name": "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 \u0026 8]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103713117612842\u0026w=2"
},
{
"name": "N-013",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
},
{
"name": "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8",
"refsource": "ISS",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"name": "MDKSA-2002:077",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1220",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-10-16T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45063 (GCVE-0-2024-45063)
Vulnerability from cvelistv5
Published
2024-09-05 04:31
Modified
2024-09-06 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:10:26.772292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T16:18:12.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ctl"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-09-04T23:37:17.000Z",
"descriptions": [
{
"lang": "en",
"value": "The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.\n\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T04:31:22.649Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc"
}
],
"title": "Multiple issues in ctl(4) CAM Target Layer"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-45063",
"datePublished": "2024-09-05T04:31:22.649Z",
"dateReserved": "2024-08-27T16:30:56.002Z",
"dateUpdated": "2024-09-06T16:18:12.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2464 (GCVE-0-2008-2464)
Vulnerability from cvelistv5
Published
2008-09-10 15:00
Modified
2024-09-16 22:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31026 | vdb-entry, x_refsource_BID | |
| http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c | x_refsource_CONFIRM | |
| http://cert.fi/haavoittuvuudet/2008/advisory-netbsd.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/817940 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c | x_refsource_CONFIRM | |
| http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.46&r2=1.47&f=h | x_refsource_CONFIRM | |
| http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.34%3Br2=1.35%3Bf=h | x_refsource_CONFIRM | |
| http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-011.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| http://securitytracker.com/id?1020822 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:28.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31026",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cert.fi/haavoittuvuudet/2008/advisory-netbsd.html"
},
{
"name": "VU#817940",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/817940"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.46\u0026r2=1.47\u0026f=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.34%3Br2=1.35%3Bf=h"
},
{
"name": "NetBSD-SA2008-011",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-011.txt.asc"
},
{
"name": "1020822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020822"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-10T15:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "31026",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cert.fi/haavoittuvuudet/2008/advisory-netbsd.html"
},
{
"name": "VU#817940",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/817940"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.46\u0026r2=1.47\u0026f=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.34%3Br2=1.35%3Bf=h"
},
{
"name": "NetBSD-SA2008-011",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-011.txt.asc"
},
{
"name": "1020822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020822"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-2464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31026"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c"
},
{
"name": "http://cert.fi/haavoittuvuudet/2008/advisory-netbsd.html",
"refsource": "MISC",
"url": "http://cert.fi/haavoittuvuudet/2008/advisory-netbsd.html"
},
{
"name": "VU#817940",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/817940"
},
{
"name": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c",
"refsource": "CONFIRM",
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.46\u0026r2=1.47\u0026f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.46\u0026r2=1.47\u0026f=h"
},
{
"name": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.34;r2=1.35;f=h",
"refsource": "CONFIRM",
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.34;r2=1.35;f=h"
},
{
"name": "NetBSD-SA2008-011",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-011.txt.asc"
},
{
"name": "1020822",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020822"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-2464",
"datePublished": "2008-09-10T15:00:00Z",
"dateReserved": "2008-05-28T00:00:00Z",
"dateUpdated": "2024-09-16T22:02:39.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0081 (GCVE-0-2004-0081)
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9899"
},
{
"name": "ESA-20040317-003",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
},
{
"name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
},
{
"name": "RHSA-2004:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
},
{
"name": "CLA-2004:834",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
},
{
"name": "SCOSA-2004.10",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
},
{
"name": "20040304-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
},
{
"name": "openssl-tls-dos(15509)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
},
{
"name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
},
{
"name": "FEDORA-2004-095",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
},
{
"name": "57524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
},
{
"name": "oval:org.mitre.oval:def:871",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
},
{
"name": "oval:org.mitre.oval:def:11755",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
},
{
"name": "VU#465542",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/465542"
},
{
"name": "TA04-078A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
},
{
"name": "GLSA-200403-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
},
{
"name": "11139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11139"
},
{
"name": "RHSA-2004:120",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
},
{
"name": "RHSA-2004:119",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
},
{
"name": "oval:org.mitre.oval:def:902",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
},
{
"name": "RHSA-2004:139",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
},
{
"name": "2004-0012",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0012"
},
{
"name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
},
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "DSA-465",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0081",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-01-19T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7250 (GCVE-0-2014-7250)
Vulnerability from cvelistv5
Published
2014-12-12 02:00
Modified
2024-08-06 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN07930208/index.html | third-party-advisory, x_refsource_JVN | |
| https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243 | x_refsource_MISC | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134 | third-party-advisory, x_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#07930208",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN07930208/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243"
},
{
"name": "JVNDB-2014-000134",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T02:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#07930208",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN07930208/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243"
},
{
"name": "JVNDB-2014-000134",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#07930208",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN07930208/index.html"
},
{
"name": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243",
"refsource": "MISC",
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243"
},
{
"name": "JVNDB-2014-000134",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-7250",
"datePublished": "2014-12-12T02:00:00",
"dateReserved": "2014-09-30T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0689 (GCVE-0-2009-0689)
Vulnerability from cvelistv5
Published
2009-07-01 12:26
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-35/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862"
},
{
"name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/63"
},
{
"name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded"
},
{
"name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/78"
},
{
"name": "RHSA-2010:0153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/75"
},
{
"name": "MDVSA-2009:330",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"name": "39001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39001"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/73"
},
{
"name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/72"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html"
},
{
"name": "ADV-2010-0094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0094"
},
{
"name": "ADV-2010-0648",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0648"
},
{
"name": "ADV-2010-0650",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name": "272909",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1"
},
{
"name": "ADV-2009-3299",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3299"
},
{
"name": "RHSA-2009:1601",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html"
},
{
"name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "RHSA-2014:0312",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html"
},
{
"name": "37683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37683"
},
{
"name": "38977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/kb/view/942/"
},
{
"name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/69"
},
{
"name": "RHSA-2010:0154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396"
},
{
"name": "oval:org.mitre.oval:def:6528",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528"
},
{
"name": "37682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37682"
},
{
"name": "oval:org.mitre.oval:def:9541",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541"
},
{
"name": "38066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38066"
},
{
"name": "USN-915-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded"
},
{
"name": "RHSA-2014:0311",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html"
},
{
"name": "ADV-2009-3297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3297"
},
{
"name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/76"
},
{
"name": "37431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37431"
},
{
"name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/81"
},
{
"name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/71"
},
{
"name": "1022478",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022478"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c"
},
{
"name": "ADV-2009-3334",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3334"
},
{
"name": "20091211 Sunbird 0.9 Array Overrun (code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/77"
},
{
"name": "MDVSA-2009:294",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294"
},
{
"name": "35510",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-35/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862"
},
{
"name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/63"
},
{
"name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded"
},
{
"name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/78"
},
{
"name": "RHSA-2010:0153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/75"
},
{
"name": "MDVSA-2009:330",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"name": "39001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39001"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/73"
},
{
"name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/72"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html"
},
{
"name": "ADV-2010-0094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0094"
},
{
"name": "ADV-2010-0648",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0648"
},
{
"name": "ADV-2010-0650",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name": "272909",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1"
},
{
"name": "ADV-2009-3299",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3299"
},
{
"name": "RHSA-2009:1601",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html"
},
{
"name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "RHSA-2014:0312",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html"
},
{
"name": "37683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37683"
},
{
"name": "38977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/kb/view/942/"
},
{
"name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/69"
},
{
"name": "RHSA-2010:0154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396"
},
{
"name": "oval:org.mitre.oval:def:6528",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528"
},
{
"name": "37682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37682"
},
{
"name": "oval:org.mitre.oval:def:9541",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541"
},
{
"name": "38066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38066"
},
{
"name": "USN-915-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded"
},
{
"name": "RHSA-2014:0311",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html"
},
{
"name": "ADV-2009-3297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3297"
},
{
"name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/76"
},
{
"name": "37431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37431"
},
{
"name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/81"
},
{
"name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/71"
},
{
"name": "1022478",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022478"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c"
},
{
"name": "ADV-2009-3334",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3334"
},
{
"name": "20091211 Sunbird 0.9 Array Overrun (code execution)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/77"
},
{
"name": "MDVSA-2009:294",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294"
},
{
"name": "35510",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-0689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h"
},
{
"name": "http://secunia.com/secunia_research/2009-35/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-35/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862"
},
{
"name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/63"
},
{
"name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded"
},
{
"name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/78"
},
{
"name": "RHSA-2010:0153",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/75"
},
{
"name": "MDVSA-2009:330",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"name": "39001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39001"
},
{
"name": "SUSE-SR:2009:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/73"
},
{
"name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/72"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html"
},
{
"name": "ADV-2010-0094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0094"
},
{
"name": "ADV-2010-0648",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0648"
},
{
"name": "ADV-2010-0650",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name": "272909",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1"
},
{
"name": "ADV-2009-3299",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3299"
},
{
"name": "RHSA-2009:1601",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html"
},
{
"name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "RHSA-2014:0312",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html"
},
{
"name": "37683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37683"
},
{
"name": "38977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38977"
},
{
"name": "http://www.opera.com/support/kb/view/942/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/942/"
},
{
"name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/69"
},
{
"name": "RHSA-2010:0154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396"
},
{
"name": "oval:org.mitre.oval:def:6528",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528"
},
{
"name": "37682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37682"
},
{
"name": "oval:org.mitre.oval:def:9541",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541"
},
{
"name": "38066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38066"
},
{
"name": "USN-915-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded"
},
{
"name": "RHSA-2014:0311",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html"
},
{
"name": "ADV-2009-3297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3297"
},
{
"name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/76"
},
{
"name": "37431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37431"
},
{
"name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/81"
},
{
"name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/71"
},
{
"name": "1022478",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022478"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c"
},
{
"name": "ADV-2009-3334",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3334"
},
{
"name": "20091211 Sunbird 0.9 Array Overrun (code execution)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/77"
},
{
"name": "MDVSA-2009:294",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294"
},
{
"name": "35510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-0689",
"datePublished": "2009-07-01T12:26:00",
"dateReserved": "2009-02-22T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0594 (GCVE-0-2000-0594)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2000-042.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://www.securityfocus.com/bid/1436 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/4897 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html | mailing-list, x_refsource_VULN-DEV |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:32",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html"
},
{
"name": "20000707 BitchX update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html"
},
{
"name": "RHSA-2000:042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-042.html"
},
{
"name": "CSSA-2000-022.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt"
},
{
"name": "1436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1436"
},
{
"name": "irc-bitchx-invite-dos(4897)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897"
},
{
"name": "20000704 BitchX exploit possibly waiting to happen, certain DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html"
},
{
"name": "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html"
},
{
"name": "20000704 BitchX /ignore bug",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:32",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html"
},
{
"name": "20000707 BitchX update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html"
},
{
"name": "RHSA-2000:042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-042.html"
},
{
"name": "CSSA-2000-022.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt"
},
{
"name": "1436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1436"
},
{
"name": "irc-bitchx-invite-dos(4897)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897"
},
{
"name": "20000704 BitchX exploit possibly waiting to happen, certain DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html"
},
{
"name": "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html"
},
{
"name": "20000704 BitchX /ignore bug",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:32",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html"
},
{
"name": "20000707 BitchX update",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html"
},
{
"name": "RHSA-2000:042",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-042.html"
},
{
"name": "CSSA-2000-022.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt"
},
{
"name": "1436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1436"
},
{
"name": "irc-bitchx-invite-dos(4897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897"
},
{
"name": "20000704 BitchX exploit possibly waiting to happen, certain DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html"
},
{
"name": "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html"
},
{
"name": "20000704 BitchX /ignore bug",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0594",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-19T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0610 (GCVE-0-2005-0610)
Vulnerability from cvelistv5
Published
2005-04-13 04:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/14903 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/13106 | vdb-entry, x_refsource_BID | |
| http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14903"
},
{
"name": "13106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:38:59",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "14903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14903"
},
{
"name": "13106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2005-0610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14903"
},
{
"name": "13106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13106"
},
{
"name": "http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html",
"refsource": "MISC",
"url": "http://www.vuxml.org/freebsd/22f00553-a09d-11d9-a788-0001020eed82.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2005-0610",
"datePublished": "2005-04-13T04:00:00",
"dateReserved": "2005-03-01T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4358 (GCVE-0-2009-4358)
Vulnerability from cvelistv5
Published
2009-12-20 02:00
Modified
2024-09-16 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/37190 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/37575 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:19.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-09:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
},
{
"name": "37190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37190"
},
{
"name": "37575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37575"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-20T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-09:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
},
{
"name": "37190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37190"
},
{
"name": "37575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37575"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-09:17",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc"
},
{
"name": "37190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37190"
},
{
"name": "37575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37575"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4358",
"datePublished": "2009-12-20T02:00:00Z",
"dateReserved": "2009-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:55:18.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8612 (GCVE-0-2014-8612)
Vulnerability from cvelistv5
Published
2015-02-02 16:00
Modified
2024-08-06 13:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/534563/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Jan/107 | mailing-list, x_refsource_FULLDISC | |
| http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities | x_refsource_MISC | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/72342 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031648 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534563/100/0/threaded"
},
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities"
},
{
"name": "FreeBSD-SA-15:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc"
},
{
"name": "72342",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72342"
},
{
"name": "1031648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534563/100/0/threaded"
},
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities"
},
{
"name": "FreeBSD-SA-15:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc"
},
{
"name": "72342",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72342"
},
{
"name": "1031648",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534563/100/0/threaded"
},
{
"name": "20150127 [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/107"
},
{
"name": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities"
},
{
"name": "FreeBSD-SA-15:02",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc"
},
{
"name": "72342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72342"
},
{
"name": "1031648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8612",
"datePublished": "2015-02-02T16:00:00",
"dateReserved": "2014-11-04T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1938 (GCVE-0-2010-1938)
Vulnerability from cvelistv5
Published
2010-05-28 18:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40403"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40403"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pi3.com.pl/?p=111",
"refsource": "MISC",
"url": "http://blog.pi3.com.pl/?p=111"
},
{
"name": "7450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/7450"
},
{
"name": "40403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40403"
},
{
"name": "http://site.pi3.com.pl/adv/libopie-adv.txt",
"refsource": "MISC",
"url": "http://site.pi3.com.pl/adv/libopie-adv.txt"
},
{
"name": "1024040",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024040"
},
{
"name": "DSA-2281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2281"
},
{
"name": "FreeBSD-SA-10:05",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc"
},
{
"name": "39966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39966"
},
{
"name": "12762",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12762"
},
{
"name": "20100527 libopie __readrec() off-by one (FreeBSD ftpd remote PoC)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/87"
},
{
"name": "1025709",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025709"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932"
},
{
"name": "39963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39963"
},
{
"name": "45136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1938",
"datePublished": "2010-05-28T18:00:00",
"dateReserved": "2010-05-13T00:00:00",
"dateUpdated": "2024-08-07T02:17:13.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3336 (GCVE-0-2011-3336)
Vulnerability from cvelistv5
Published
2020-02-12 19:32
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
Summary
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/Mar/166 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/50541 | vdb-entry, x_refsource_BID | |
| https://www.securityfocus.com/archive/1/520390 | mailing-list, x_refsource_BUGTRAQ | |
| https://cxsecurity.com/issue/WLB-2011110082 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140314 MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/166"
},
{
"name": "50541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50541"
},
{
"name": "20111104 Multiple BSD libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://www.securityfocus.com/archive/1/520390"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2011110082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"status": "affected",
"version": "through 2011"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T19:32:03",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20140314 MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/166"
},
{
"name": "50541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50541"
},
{
"name": "20111104 Multiple BSD libc/regcomp(3) Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://www.securityfocus.com/archive/1/520390"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2011110082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_value": "through 2011"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140314 MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/166"
},
{
"name": "50541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50541"
},
{
"name": "20111104 Multiple BSD libc/regcomp(3) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://www.securityfocus.com/archive/1/520390"
},
{
"name": "https://cxsecurity.com/issue/WLB-2011110082",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2011110082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-3336",
"datePublished": "2020-02-12T19:32:03",
"dateReserved": "2011-08-29T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29626 (GCVE-0-2021-29626)
Vulnerability from cvelistv5
Published
2021-04-07 14:48
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free memory disclosure
Summary
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210423-0008/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p6, 11.4-RELEASE before p9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free memory disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:28",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p6, 11.4-RELEASE before p9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29626",
"datePublished": "2021-04-07T14:48:32",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5679 (GCVE-0-2006-5679)
Vulnerability from cvelistv5
Published
2006-11-03 22:00
Modified
2024-08-07 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA07-072A.html | third-party-advisory, x_refsource_CERT | |
| http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/22736 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://docs.info.apple.com/article.html?artnum=305214 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1017751 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/20918 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/0930 | vdb-entry, x_refsource_VUPEN | |
| http://projects.info-pull.com/mokb/MOKB-03-11-2006.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/552136 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/24479 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "[freebsd-security] 20070114 MOAB advisories",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name": "22736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22736"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "20918",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20918"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"
},
{
"name": "VU#552136",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/552136"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "[freebsd-security] 20070114 MOAB advisories",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name": "22736",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22736"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "20918",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20918"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"
},
{
"name": "VU#552136",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/552136"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "[freebsd-security] 20070114 MOAB advisories",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name": "22736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22736"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "20918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20918"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/mokb/MOKB-03-11-2006.html"
},
{
"name": "VU#552136",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/552136"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5679",
"datePublished": "2006-11-03T22:00:00",
"dateReserved": "2006-11-03T00:00:00",
"dateUpdated": "2024-08-07T19:55:53.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0074 (GCVE-0-1999-0074)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cve.org/CVERecord?id=CVE-1999-0074 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Listening TCP ports are sequentially allocated, allowing spoofing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T05:41:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Listening TCP ports are sequentially allocated, allowing spoofing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cve.org/CVERecord?id=CVE-1999-0074",
"refsource": "MISC",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0074",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17155 (GCVE-0-2018-17155)
Vulnerability from cvelistv5
Published
2018-09-28 13:00
Modified
2024-09-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel memory disclosure
Summary
In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "11.2 before 11.2-RELEASE-p4"
},
{
"status": "affected",
"version": "11.1 before 11.1-RELEASE-p15"
},
{
"status": "affected",
"version": "10.x before 10.4-RELEASE-p13"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel memory disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T12:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-17155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "11.2 before 11.2-RELEASE-p4"
},
{
"version_value": "11.1 before 11.1-RELEASE-p15"
},
{
"version_value": "10.x before 10.4-RELEASE-p13"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-17155",
"datePublished": "2018-09-28T13:00:00Z",
"dateReserved": "2018-09-18T00:00:00",
"dateUpdated": "2024-09-16T19:05:00.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0388 (GCVE-0-2001-0388)
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html | vendor-advisory, x_refsource_SUSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6228 | vdb-entry, x_refsource_XF | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:37.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SuSE-SA:2001:07",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html"
},
{
"name": "timed-remote-dos(6228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6228"
},
{
"name": "MDKSA-2001:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3"
},
{
"name": "FreeBSD-SA-01:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "time server daemon timed allows remote attackers to cause a denial of service via malformed packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SuSE-SA:2001:07",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html"
},
{
"name": "timed-remote-dos(6228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6228"
},
{
"name": "MDKSA-2001:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3"
},
{
"name": "FreeBSD-SA-01:28",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "time server daemon timed allows remote attackers to cause a denial of service via malformed packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:07",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html"
},
{
"name": "timed-remote-dos(6228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6228"
},
{
"name": "MDKSA-2001:034",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3"
},
{
"name": "FreeBSD-SA-01:28",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0388",
"datePublished": "2001-09-18T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:37.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43102 (GCVE-0-2024-43102)
Vulnerability from cvelistv5
Published
2024-09-05 04:54
Modified
2024-09-16 21:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early.
A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-43102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T03:55:21.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-16T21:02:44.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240916-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"umtx"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-09-04T23:37:29.000Z",
"descriptions": [
{
"lang": "en",
"value": "Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early.\n\nA malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-911",
"description": "CWE-911 Improper Update of Reference Count",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T04:54:52.452Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc"
}
],
"title": "umtx Kernel panic or Use-After-Free"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-43102",
"datePublished": "2024-09-05T04:54:52.452Z",
"dateReserved": "2024-08-27T16:30:55.979Z",
"dateUpdated": "2024-09-16T21:02:44.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1436 (GCVE-0-2009-1436)
Vulnerability from cvelistv5
Published
2009-04-27 17:43
Modified
2024-08-07 05:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/34666 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/53918 | vdb-entry, x_refsource_OSVDB | |
| http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://secunia.com/advisories/34810 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1022113 | vdb-entry, x_refsource_SECTRACK | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34666"
},
{
"name": "53918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53918"
},
{
"name": "FreeBSD-SA-09:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
},
{
"name": "34810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34810"
},
{
"name": "1022113",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34666"
},
{
"name": "53918",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53918"
},
{
"name": "FreeBSD-SA-09:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
},
{
"name": "34810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34810"
},
{
"name": "1022113",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34666"
},
{
"name": "53918",
"refsource": "OSVDB",
"url": "http://osvdb.org/53918"
},
{
"name": "FreeBSD-SA-09:07",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
},
{
"name": "34810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34810"
},
{
"name": "1022113",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022113"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10756",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1436",
"datePublished": "2009-04-27T17:43:00",
"dateReserved": "2009-04-27T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1886 (GCVE-0-2016-1886)
Vulnerability from cvelistv5
Published
2016-05-25 15:00
Modified
2024-08-05 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035905 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/90734 | vdb-entry, x_refsource_BID | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch | x_refsource_CONFIRM | |
| http://cturt.github.io/SETFKEY.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035905",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035905"
},
{
"name": "90734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90734"
},
{
"name": "FreeBSD-SA-16:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cturt.github.io/SETFKEY.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a \"two way heap and stack overflow.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-19T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1035905",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035905"
},
{
"name": "90734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90734"
},
{
"name": "FreeBSD-SA-16:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cturt.github.io/SETFKEY.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a \"two way heap and stack overflow.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035905",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035905"
},
{
"name": "90734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90734"
},
{
"name": "FreeBSD-SA-16:18",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc"
},
{
"name": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch"
},
{
"name": "http://cturt.github.io/SETFKEY.html",
"refsource": "MISC",
"url": "http://cturt.github.io/SETFKEY.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1886",
"datePublished": "2016-05-25T15:00:00",
"dateReserved": "2016-01-13T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5606 (GCVE-0-2019-5606)
Vulnerability from cvelistv5
Published
2019-07-26 00:33
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel use after free
Summary
In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:13.pts.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20190814-0003/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-19:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:13.pts.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD before 12.0-RELEASE-p8"
},
{
"status": "affected",
"version": "before 11.3-RELEASE-p1"
},
{
"status": "affected",
"version": "and before 11.2-RELEASE-p12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-14T17:06:12",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-19:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:13.pts.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190814-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD before 12.0-RELEASE-p8"
},
{
"version_value": "before 11.3-RELEASE-p1"
},
{
"version_value": "and before 11.2-RELEASE-p12"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-19:13",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:13.pts.asc"
},
{
"name": "http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153748/FreeBSD-Security-Advisory-FreeBSD-SA-19-13.pts.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190814-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190814-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5606",
"datePublished": "2019-07-26T00:33:33",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0963 (GCVE-0-1999-0963)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6088 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD mount_union command allows local users to gain root privileges via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD mount_union command allows local users to gain root privileges via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6088",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0963",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0973 (GCVE-0-2002-0973)
Vulnerability from cvelistv5
Published
2002-08-23 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5493 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=102976839728706&w=2 | vendor-advisory, x_refsource_FREEBSD | |
| http://www.iss.net/security_center/static/9903.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5493"
},
{
"name": "FreeBSD-SA-02:38",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102976839728706\u0026w=2"
},
{
"name": "freebsd-negative-system-call-bo(9903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9903.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5493"
},
{
"name": "FreeBSD-SA-02:38",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102976839728706\u0026w=2"
},
{
"name": "freebsd-negative-system-call-bo(9903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9903.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5493"
},
{
"name": "FreeBSD-SA-02:38",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=102976839728706\u0026w=2"
},
{
"name": "freebsd-negative-system-call-bo(9903)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9903.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0973",
"datePublished": "2002-08-23T04:00:00",
"dateReserved": "2002-08-21T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4172 (GCVE-0-2006-4172)
Vulnerability from cvelistv5
Published
2006-09-26 01:43
Modified
2024-08-07 18:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29132 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/446945/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1016926 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/22064 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/20158 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1016928 | vdb-entry, x_refsource_SECTRACK | |
| http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414 | third-party-advisory, x_refsource_IDEFENSE | |
| http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freebsd-i386setldt-overflow(29132)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29132"
},
{
"name": "20060925 iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446945/100/0/threaded"
},
{
"name": "1016926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016926"
},
{
"name": "22064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22064"
},
{
"name": "20158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20158"
},
{
"name": "1016928",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016928"
},
{
"name": "20060923 FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414"
},
{
"name": "20060923 [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "freebsd-i386setldt-overflow(29132)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29132"
},
{
"name": "20060925 iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446945/100/0/threaded"
},
{
"name": "1016926",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016926"
},
{
"name": "22064",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22064"
},
{
"name": "20158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20158"
},
{
"name": "1016928",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016928"
},
{
"name": "20060923 FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414"
},
{
"name": "20060923 [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-i386setldt-overflow(29132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29132"
},
{
"name": "20060925 iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446945/100/0/threaded"
},
{
"name": "1016926",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016926"
},
{
"name": "22064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22064"
},
{
"name": "20158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20158"
},
{
"name": "1016928",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016928"
},
{
"name": "20060923 FreeBSD i386_set_ldt Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414"
},
{
"name": "20060923 [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4172",
"datePublished": "2006-09-26T01:43:00",
"dateReserved": "2006-08-16T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0754 (GCVE-0-2002-0754)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/3919 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/7956.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:47.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-02:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc"
},
{
"name": "3919",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3919"
},
{
"name": "kerberos5-k5su-elevate-privileges(7956)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7956.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-02:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc"
},
{
"name": "3919",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3919"
},
{
"name": "kerberos5-k5su-elevate-privileges(7956)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7956.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-02:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc"
},
{
"name": "3919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3919"
},
{
"name": "kerberos5-k5su-elevate-privileges(7956)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7956.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0754",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T03:03:47.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0749 (GCVE-0-2000-0749)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/1536 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5968 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/1628 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1536"
},
{
"name": "freebsd-linux-module-bo(5968)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5968"
},
{
"name": "FreeBSD-SA-00:42",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html"
},
{
"name": "1628",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1536"
},
{
"name": "freebsd-linux-module-bo(5968)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5968"
},
{
"name": "FreeBSD-SA-00:42",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html"
},
{
"name": "1628",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1536",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1536"
},
{
"name": "freebsd-linux-module-bo(5968)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5968"
},
{
"name": "FreeBSD-SA-00:42",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html"
},
{
"name": "1628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0749",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-09-19T00:00:00",
"dateUpdated": "2024-08-08T05:28:41.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2019 (GCVE-0-2005-2019)
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-09-16 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-05:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-30T04:00:00Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-05:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2005-2019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:13",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2005-2019",
"datePublished": "2005-06-30T04:00:00Z",
"dateReserved": "2005-06-21T00:00:00Z",
"dateUpdated": "2024-09-16T23:55:59.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1145 (GCVE-0-2001-1145)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/5466 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/3205 | vdb-entry, x_refsource_BID | |
| http://www.openbsd.org/errata28.html | vendor-advisory, x_refsource_OPENBSD | |
| http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html | vendor-advisory, x_refsource_NETBSD | |
| http://www.iss.net/security_center/static/8715.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:08.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-01:40",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc"
},
{
"name": "5466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5466"
},
{
"name": "3205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3205"
},
{
"name": "20010530 029: SECURITY FIX: May 30, 2001",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata28.html"
},
{
"name": "NetBSD-SA2001-016",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html"
},
{
"name": "bsd-fts-race-condition(8715)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8715.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-01:40",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc"
},
{
"name": "5466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5466"
},
{
"name": "3205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3205"
},
{
"name": "20010530 029: SECURITY FIX: May 30, 2001",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata28.html"
},
{
"name": "NetBSD-SA2001-016",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html"
},
{
"name": "bsd-fts-race-condition(8715)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8715.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-01:40",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc"
},
{
"name": "5466",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5466"
},
{
"name": "3205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3205"
},
{
"name": "20010530 029: SECURITY FIX: May 30, 2001",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata28.html"
},
{
"name": "NetBSD-SA2001-016",
"refsource": "NETBSD",
"url": "http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html"
},
{
"name": "bsd-fts-race-condition(8715)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8715.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1145",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:08.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1415 (GCVE-0-2015-1415)
Vulnerability from cvelistv5
Published
2015-04-10 14:00
Modified
2024-08-06 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032042 | vdb-entry, x_refsource_SECTRACK | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/archive/1/535209/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032042"
},
{
"name": "FreeBSD-SA-15:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc"
},
{
"name": "20150407 FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535209/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1032042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032042"
},
{
"name": "FreeBSD-SA-15:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc"
},
{
"name": "20150407 FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535209/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032042"
},
{
"name": "FreeBSD-SA-15:08",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc"
},
{
"name": "20150407 FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535209/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1415",
"datePublished": "2015-04-10T14:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6259 (GCVE-0-2017-6259)
Vulnerability from cvelistv5
Published
2017-07-28 19:00
Modified
2024-09-16 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4525 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | NVIDIA GPU Display Driver |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GPU Display Driver",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T18:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2017-07-27T00:00:00",
"ID": "CVE-2017-6259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2017-6259",
"datePublished": "2017-07-28T19:00:00Z",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-09-16T23:46:40.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24718 (GCVE-0-2020-24718)
Vulnerability from cvelistv5
Published
2020-09-25 03:49
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249 | x_refsource_MISC | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201016-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T10:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249",
"refsource": "MISC",
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201016-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24718",
"datePublished": "2020-09-25T03:49:02",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0602 (GCVE-0-2004-0602)
Vulnerability from cvelistv5
Published
2004-07-08 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10643 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16558 | vdb-entry, x_refsource_XF | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10643",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10643"
},
{
"name": "freebsd-binary-information-disclosure(16558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16558"
},
{
"name": "FreeBSD-SA-04:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10643",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10643"
},
{
"name": "freebsd-binary-information-disclosure(16558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16558"
},
{
"name": "FreeBSD-SA-04:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10643"
},
{
"name": "freebsd-binary-information-disclosure(16558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16558"
},
{
"name": "FreeBSD-SA-04:13",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0602",
"datePublished": "2004-07-08T04:00:00",
"dateReserved": "2004-06-24T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3798 (GCVE-0-2007-3798)
Vulnerability from cvelistv5
Published
2007-07-16 22:00
Modified
2024-10-15 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2007:0387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0387.html"
},
{
"name": "26231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26231"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "26168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26168"
},
{
"name": "27580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27580"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "26286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26286"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=184815"
},
{
"name": "SSA:2007-230-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.449313"
},
{
"name": "MDKSA-2007:148",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:148"
},
{
"name": "1018434",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018434"
},
{
"name": "RHSA-2007:0368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0368.html"
},
{
"name": "26263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26263"
},
{
"name": "20070720 rPSA-2007-0147-1 tcpdump",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474225/100/0/threaded"
},
{
"name": "26223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26223"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "2007-0023",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"name": "oval:org.mitre.oval:def:9771",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771"
},
{
"name": "FreeBSD-SA-07:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11\u0026r2=1.91.2.12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26395"
},
{
"name": "26266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26266"
},
{
"name": "TLSA-2007-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/security/2007/TLSA-2007-46.txt"
},
{
"name": "26521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26521"
},
{
"name": "ADV-2007-2578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2578"
},
{
"name": "26404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26404"
},
{
"name": "26135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26135"
},
{
"name": "USN-492-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-492-1"
},
{
"name": "DSA-1353",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1353"
},
{
"name": "GLSA-200707-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-14.xml"
},
{
"name": "24965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24965"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-3798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T14:17:36.142524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:18:21.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2007:0387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0387.html"
},
{
"name": "26231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26231"
},
{
"name": "SUSE-SR:2007:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "26168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26168"
},
{
"name": "27580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27580"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "26286",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26286"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=184815"
},
{
"name": "SSA:2007-230-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.449313"
},
{
"name": "MDKSA-2007:148",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:148"
},
{
"name": "1018434",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018434"
},
{
"name": "RHSA-2007:0368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0368.html"
},
{
"name": "26263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26263"
},
{
"name": "20070720 rPSA-2007-0147-1 tcpdump",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474225/100/0/threaded"
},
{
"name": "26223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26223"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "2007-0023",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"name": "oval:org.mitre.oval:def:9771",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771"
},
{
"name": "FreeBSD-SA-07:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11\u0026r2=1.91.2.12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "26395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26395"
},
{
"name": "26266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26266"
},
{
"name": "TLSA-2007-46",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/security/2007/TLSA-2007-46.txt"
},
{
"name": "26521",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26521"
},
{
"name": "ADV-2007-2578",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2578"
},
{
"name": "26404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26404"
},
{
"name": "26135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26135"
},
{
"name": "USN-492-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-492-1"
},
{
"name": "DSA-1353",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1353"
},
{
"name": "GLSA-200707-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-14.xml"
},
{
"name": "24965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2007:0387",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0387.html"
},
{
"name": "26231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26231"
},
{
"name": "SUSE-SR:2007:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "26168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26168"
},
{
"name": "27580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27580"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "26286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26286"
},
{
"name": "http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=184815",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=184815"
},
{
"name": "SSA:2007-230-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.449313"
},
{
"name": "MDKSA-2007:148",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:148"
},
{
"name": "1018434",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018434"
},
{
"name": "RHSA-2007:0368",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0368.html"
},
{
"name": "26263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26263"
},
{
"name": "20070720 rPSA-2007-0147-1 tcpdump",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474225/100/0/threaded"
},
{
"name": "26223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26223"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "2007-0023",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"name": "oval:org.mitre.oval:def:9771",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771"
},
{
"name": "FreeBSD-SA-07:06",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc"
},
{
"name": "http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11\u0026r2=1.91.2.12",
"refsource": "MISC",
"url": "http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11\u0026r2=1.91.2.12"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "26395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26395"
},
{
"name": "26266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26266"
},
{
"name": "TLSA-2007-46",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/2007/TLSA-2007-46.txt"
},
{
"name": "26521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26521"
},
{
"name": "ADV-2007-2578",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2578"
},
{
"name": "26404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26404"
},
{
"name": "26135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26135"
},
{
"name": "USN-492-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-492-1"
},
{
"name": "DSA-1353",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1353"
},
{
"name": "GLSA-200707-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200707-14.xml"
},
{
"name": "24965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3798",
"datePublished": "2007-07-16T22:00:00",
"dateReserved": "2007-07-16T00:00:00",
"dateUpdated": "2024-10-15T14:18:21.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5612 (GCVE-0-2019-5612)
Vulnerability from cvelistv5
Published
2019-08-29 22:31
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper check for unusual conditions
Summary
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190910-0002/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 12.0-RELEASE-p10"
},
{
"status": "affected",
"version": "before 11.3-RELEASE-p3"
},
{
"status": "affected",
"version": "before 11.2-RELEASE-p14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat\u0027s data buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check for unusual conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T14:06:14",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "before 12.0-RELEASE-p10"
},
{
"version_value": "before 11.3-RELEASE-p3"
},
{
"version_value": "before 11.2-RELEASE-p14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat\u0027s data buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for unusual conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5612",
"datePublished": "2019-08-29T22:31:46",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0375 (GCVE-0-2000-0375)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6084 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6084",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0375",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2000-05-23T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4862 (GCVE-0-2011-4862)
Vulnerability from cvelistv5
Published
2011-12-25 01:00
Modified
2024-08-07 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2012:0042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "47399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47399"
},
{
"name": "DSA-2375",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2375"
},
{
"name": "RHSA-2011:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
},
{
"name": "SUSE-SU-2012:0018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
},
{
"name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
},
{
"name": "DSA-2372",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2372"
},
{
"name": "47359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47359"
},
{
"name": "FEDORA-2011-17493",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
},
{
"name": "47374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47374"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
},
{
"name": "FreeBSD-SA-11:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
},
{
"name": "openSUSE-SU-2012:0019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
},
{
"name": "FEDORA-2011-17492",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
},
{
"name": "MDVSA-2011:195",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
},
{
"name": "SUSE-SU-2012:0024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
},
{
"name": "SUSE-SU-2012:0050",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
},
{
"name": "78020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78020"
},
{
"name": "1026463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026463"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
},
{
"name": "47341",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47341"
},
{
"name": "RHSA-2011:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
},
{
"name": "RHSA-2011:1853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
},
{
"name": "openSUSE-SU-2012:0051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
},
{
"name": "47357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47357"
},
{
"name": "46239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46239"
},
{
"name": "SUSE-SU-2012:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "47397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47397"
},
{
"name": "47373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47373"
},
{
"name": "SUSE-SU-2012:0056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
},
{
"name": "47441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
},
{
"name": "RHSA-2011:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
},
{
"name": "18280",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18280/"
},
{
"name": "47348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47348"
},
{
"name": "1026460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026460"
},
{
"name": "DSA-2373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2373"
},
{
"name": "multiple-telnetd-bo(71970)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "SUSE-SU-2012:0042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "47399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47399"
},
{
"name": "DSA-2375",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2375"
},
{
"name": "RHSA-2011:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
},
{
"name": "SUSE-SU-2012:0018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
},
{
"name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
},
{
"name": "DSA-2372",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2372"
},
{
"name": "47359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47359"
},
{
"name": "FEDORA-2011-17493",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
},
{
"name": "47374",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47374"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
},
{
"name": "FreeBSD-SA-11:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
},
{
"name": "openSUSE-SU-2012:0019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
},
{
"name": "FEDORA-2011-17492",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
},
{
"name": "MDVSA-2011:195",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
},
{
"name": "SUSE-SU-2012:0024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
},
{
"name": "SUSE-SU-2012:0050",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
},
{
"name": "78020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78020"
},
{
"name": "1026463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026463"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
},
{
"name": "47341",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47341"
},
{
"name": "RHSA-2011:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
},
{
"name": "RHSA-2011:1853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
},
{
"name": "openSUSE-SU-2012:0051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
},
{
"name": "47357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47357"
},
{
"name": "46239",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46239"
},
{
"name": "SUSE-SU-2012:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "47397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47397"
},
{
"name": "47373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47373"
},
{
"name": "SUSE-SU-2012:0056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
},
{
"name": "47441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
},
{
"name": "RHSA-2011:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
},
{
"name": "18280",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18280/"
},
{
"name": "47348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47348"
},
{
"name": "1026460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026460"
},
{
"name": "DSA-2373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2373"
},
{
"name": "multiple-telnetd-bo(71970)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2011-4862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
},
{
"name": "47399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47399"
},
{
"name": "DSA-2375",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2375"
},
{
"name": "RHSA-2011:1854",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1854.html"
},
{
"name": "SUSE-SU-2012:0018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
},
{
"name": "20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html"
},
{
"name": "DSA-2372",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2372"
},
{
"name": "47359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47359"
},
{
"name": "FEDORA-2011-17493",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html"
},
{
"name": "47374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47374"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html"
},
{
"name": "FreeBSD-SA-11:08",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc"
},
{
"name": "openSUSE-SU-2012:0019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
},
{
"name": "FEDORA-2011-17492",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html"
},
{
"name": "MDVSA-2011:195",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:195"
},
{
"name": "SUSE-SU-2012:0024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html"
},
{
"name": "SUSE-SU-2012:0050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
},
{
"name": "78020",
"refsource": "OSVDB",
"url": "http://osvdb.org/78020"
},
{
"name": "1026463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026463"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html"
},
{
"name": "47341",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47341"
},
{
"name": "RHSA-2011:1852",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1852.html"
},
{
"name": "RHSA-2011:1853",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1853.html"
},
{
"name": "openSUSE-SU-2012:0051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
},
{
"name": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch",
"refsource": "CONFIRM",
"url": "http://security.freebsd.org/patches/SA-11:08/telnetd.patch"
},
{
"name": "47357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47357"
},
{
"name": "46239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46239"
},
{
"name": "SUSE-SU-2012:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
},
{
"name": "47397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47397"
},
{
"name": "47373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47373"
},
{
"name": "SUSE-SU-2012:0056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html"
},
{
"name": "[freebsd-security] 20111223 Merry Christmas from the FreeBSD Security Team",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html"
},
{
"name": "47441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47441"
},
{
"name": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt"
},
{
"name": "RHSA-2011:1851",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1851.html"
},
{
"name": "18280",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18280/"
},
{
"name": "47348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47348"
},
{
"name": "1026460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026460"
},
{
"name": "DSA-2373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2373"
},
{
"name": "multiple-telnetd-bo(71970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71970"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2011-4862",
"datePublished": "2011-12-25T01:00:00",
"dateReserved": "2011-12-19T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0318 (GCVE-0-2010-0318)
Vulnerability from cvelistv5
Published
2010-01-15 18:00
Modified
2024-08-07 00:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38124 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/37657 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1023407 | vdb-entry, x_refsource_SECTRACK | |
| http://security.FreeBSD.org/advisories/FreeBSD-SA-10:03.zfs.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38124"
},
{
"name": "37657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37657"
},
{
"name": "1023407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023407"
},
{
"name": "FreeBSD-SA-10:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:03.zfs.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38124"
},
{
"name": "37657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37657"
},
{
"name": "1023407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023407"
},
{
"name": "FreeBSD-SA-10:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:03.zfs.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38124"
},
{
"name": "37657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37657"
},
{
"name": "1023407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023407"
},
{
"name": "FreeBSD-SA-10:03",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:03.zfs.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0318",
"datePublished": "2010-01-15T18:00:00",
"dateReserved": "2010-01-15T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0863 (GCVE-0-1999-0863)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0863 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:27.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T08:05:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0863",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0863",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-12-07T00:00:00",
"dateUpdated": "2024-08-01T16:55:27.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1066 (GCVE-0-2004-1066)
Vulnerability from cvelistv5
Published
2004-12-05 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18321 | vdb-entry, x_refsource_XF | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freebsd-profs-linprocfs-info-disclosure(18321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18321"
},
{
"name": "FreeBSD-SA-04:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "freebsd-profs-linprocfs-info-disclosure(18321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18321"
},
{
"name": "FreeBSD-SA-04:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-profs-linprocfs-info-disclosure(18321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18321"
},
{
"name": "FreeBSD-SA-04:17",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1066",
"datePublished": "2004-12-05T05:00:00",
"dateReserved": "2004-11-29T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1066 (GCVE-0-2000-1066)
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5454 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/1894 | vdb-entry, x_refsource_BID | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "getnameinfo-dos(5454)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5454"
},
{
"name": "1894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1894"
},
{
"name": "FreeBSD-SA-00:63",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "getnameinfo-dos(5454)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5454"
},
{
"name": "1894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1894"
},
{
"name": "FreeBSD-SA-00:63",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "getnameinfo-dos(5454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5454"
},
{
"name": "1894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1894"
},
{
"name": "FreeBSD-SA-00:63",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1066",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-29T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1012 (GCVE-0-2000-1012)
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:53",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-05-08T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:53",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:53",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1012",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:32.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0855 (GCVE-0-1999-0855)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in FreeBSD gdc program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/834 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:27.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FreeBSD gdc program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FreeBSD gdc program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0855",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-12-07T00:00:00",
"dateUpdated": "2024-08-01T16:55:27.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0129 (GCVE-0-1999-0129)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-1996-25.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-1996-25.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T05:31:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.org/advisories/CA-1996-25.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cert.org/advisories/CA-1996-25.html",
"refsource": "MISC",
"url": "http://www.cert.org/advisories/CA-1996-25.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0129",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0126 (GCVE-0-2004-0126)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9762 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/4101 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15344 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9762",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9762"
},
{
"name": "FreeBSD-SA-04:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc"
},
{
"name": "4101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4101"
},
{
"name": "freebsd-jailattach-gain-privileges(15344)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn\u0027t have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9762",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9762"
},
{
"name": "FreeBSD-SA-04:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc"
},
{
"name": "4101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4101"
},
{
"name": "freebsd-jailattach-gain-privileges(15344)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn\u0027t have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9762"
},
{
"name": "FreeBSD-SA-04:03",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc"
},
{
"name": "4101",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4101"
},
{
"name": "freebsd-jailattach-gain-privileges(15344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0126",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13084 (GCVE-0-2017-13084)
Vulnerability from cvelistv5
Published
2017-10-17 13:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-323 - Reusing a Nonce, Key Pair in Encryption
Summary
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wi-Fi Alliance | Wi-Fi Protected Access (WPA and WPA2) |
Version: WPA Version: WPA2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039577"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krackattacks.com/"
},
{
"name": "1039576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi Protected Access (WPA and WPA2)",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"status": "affected",
"version": "WPA"
},
{
"status": "affected",
"version": "WPA2"
}
]
}
],
"datePublic": "2017-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039577"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krackattacks.com/"
},
{
"name": "1039576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi Protected Access (WPA and WPA2)",
"version": {
"version_data": [
{
"version_value": "WPA"
},
{
"version_value": "WPA2"
}
]
}
}
]
},
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039581",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/kracks",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt",
"refsource": "MISC",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039577"
},
{
"name": "GLSA-201711-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-17420",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "https://www.krackattacks.com/",
"refsource": "MISC",
"url": "https://www.krackattacks.com/"
},
{
"name": "1039576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name": "VU#228519",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13084",
"datePublished": "2017-10-17T13:00:00",
"dateReserved": "2017-08-22T00:00:00",
"dateUpdated": "2024-08-05T18:58:12.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13078 (GCVE-0-2017-13078)
Vulnerability from cvelistv5
Published
2017-10-17 13:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-323 - Reusing a Nonce, Key Pair in Encryption
Summary
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wi-Fi Alliance | Wi-Fi Protected Access (WPA and WPA2) |
Version: WPA Version: WPA2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208221"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2017:2745",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
},
{
"name": "DSA-3999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name": "1039578",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039578"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"name": "RHSA-2017:2911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2911"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039577"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us"
},
{
"name": "openSUSE-SU-2017:2755",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krackattacks.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1039573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "SUSE-SU-2017:2752",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
},
{
"name": "1039576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
},
{
"name": "1039585",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039585"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208220"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208219"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi Protected Access (WPA and WPA2)",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"status": "affected",
"version": "WPA"
},
{
"status": "affected",
"version": "WPA2"
}
]
}
],
"datePublic": "2017-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T10:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208221"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2017:2745",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
},
{
"name": "DSA-3999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name": "1039578",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039578"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"name": "RHSA-2017:2911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2911"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039577"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us"
},
{
"name": "openSUSE-SU-2017:2755",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krackattacks.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1039573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "SUSE-SU-2017:2752",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
},
{
"name": "1039576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
},
{
"name": "1039585",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039585"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208220"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208219"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi Protected Access (WPA and WPA2)",
"version": {
"version_data": [
{
"version_value": "WPA"
},
{
"version_value": "WPA2"
}
]
}
}
]
},
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039581",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "101274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2017:2745",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
},
{
"name": "DSA-3999",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name": "1039578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039578"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/kracks",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"name": "RHSA-2017:2911",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2911"
},
{
"name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt",
"refsource": "MISC",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039577"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us"
},
{
"name": "openSUSE-SU-2017:2755",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
},
{
"name": "https://support.apple.com/HT208222",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208222"
},
{
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-17420",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"name": "https://www.krackattacks.com/",
"refsource": "MISC",
"url": "https://www.krackattacks.com/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1039573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "SUSE-SU-2017:2752",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
},
{
"name": "1039576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2017-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
},
{
"name": "1039585",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039585"
},
{
"name": "VU#228519",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"name": "https://support.apple.com/HT208220",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208220"
},
{
"name": "https://support.apple.com/HT208219",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208219"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2017-005",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13078",
"datePublished": "2017-10-17T13:00:00",
"dateReserved": "2017-08-22T00:00:00",
"dateUpdated": "2024-08-05T18:58:12.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0912 (GCVE-0-1999-0912)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-01 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/1079 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/653 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1079",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1079"
},
{
"name": "653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1079",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1079"
},
{
"name": "653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1079",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1079"
},
{
"name": "653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0912",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0017 (GCVE-0-1999-0017)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:56.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:25:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0017",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:56.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0381 (GCVE-0-2006-0381)
Vulnerability from cvelistv5
Published
2006-01-25 22:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/16375 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1015542 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/18609 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24337 | vdb-entry, x_refsource_XF | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/22732 | vdb-entry, x_refsource_OSVDB | |
| http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104 | x_refsource_CONFIRM | |
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc | vendor-advisory, x_refsource_NETBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16375"
},
{
"name": "1015542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015542"
},
{
"name": "18609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18609"
},
{
"name": "bsd-pf-fragment-dos(24337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24337"
},
{
"name": "FreeBSD-SA-06:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc"
},
{
"name": "22732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103\u0026r2=1.104"
},
{
"name": "NetBSD-SA2006-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a \u0027scrub fragment crop\u0027 or \u0027scrub fragment drop-ovl\u0027 rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "16375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16375"
},
{
"name": "1015542",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015542"
},
{
"name": "18609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18609"
},
{
"name": "bsd-pf-fragment-dos(24337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24337"
},
{
"name": "FreeBSD-SA-06:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc"
},
{
"name": "22732",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103\u0026r2=1.104"
},
{
"name": "NetBSD-SA2006-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a \u0027scrub fragment crop\u0027 or \u0027scrub fragment drop-ovl\u0027 rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16375"
},
{
"name": "1015542",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015542"
},
{
"name": "18609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18609"
},
{
"name": "bsd-pf-fragment-dos(24337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24337"
},
{
"name": "FreeBSD-SA-06:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc"
},
{
"name": "22732",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22732"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103\u0026r2=1.104",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103\u0026r2=1.104"
},
{
"name": "NetBSD-SA2006-004",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0381",
"datePublished": "2006-01-25T22:00:00",
"dateReserved": "2006-01-24T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0114 (GCVE-0-2004-0114)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15061 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/9586 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/3836 | vdb-entry, x_refsource_OSVDB | |
| http://www.openbsd.org/errata33.html#sysvshm | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=107608375207601&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.pine.nl/press/pine-cert-20040201.txt | x_refsource_MISC | |
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc | vendor-advisory, x_refsource_NETBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bsd-shmat-gain-privileges(15061)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15061"
},
{
"name": "9586",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9586"
},
{
"name": "3836",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/errata33.html#sysvshm"
},
{
"name": "20040205 [PINE-CERT-20040201] reference count overflow in shmat()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608375207601\u0026w=2"
},
{
"name": "FreeBSD-SA-04:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pine.nl/press/pine-cert-20040201.txt"
},
{
"name": "NetBSD-SA2004-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment\u0027s reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bsd-shmat-gain-privileges(15061)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15061"
},
{
"name": "9586",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9586"
},
{
"name": "3836",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/errata33.html#sysvshm"
},
{
"name": "20040205 [PINE-CERT-20040201] reference count overflow in shmat()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107608375207601\u0026w=2"
},
{
"name": "FreeBSD-SA-04:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pine.nl/press/pine-cert-20040201.txt"
},
{
"name": "NetBSD-SA2004-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment\u0027s reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bsd-shmat-gain-privileges(15061)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15061"
},
{
"name": "9586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9586"
},
{
"name": "3836",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3836"
},
{
"name": "http://www.openbsd.org/errata33.html#sysvshm",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata33.html#sysvshm"
},
{
"name": "20040205 [PINE-CERT-20040201] reference count overflow in shmat()",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107608375207601\u0026w=2"
},
{
"name": "FreeBSD-SA-04:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc"
},
{
"name": "http://www.pine.nl/press/pine-cert-20040201.txt",
"refsource": "MISC",
"url": "http://www.pine.nl/press/pine-cert-20040201.txt"
},
{
"name": "NetBSD-SA2004-004",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0114",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2218 (GCVE-0-2005-2218)
Vulnerability from cvelistv5
Published
2005-07-26 04:00
Modified
2024-08-07 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/14334 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/18123 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21451 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/16145 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1014536 | vdb-entry, x_refsource_SECTRACK | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14334"
},
{
"name": "18123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18123"
},
{
"name": "freebsd-devfs-gain-privileges(21451)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21451"
},
{
"name": "16145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16145"
},
{
"name": "1014536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014536"
},
{
"name": "FreeBSD-SA-05:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14334"
},
{
"name": "18123",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18123"
},
{
"name": "freebsd-devfs-gain-privileges(21451)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21451"
},
{
"name": "16145",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16145"
},
{
"name": "1014536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014536"
},
{
"name": "FreeBSD-SA-05:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14334"
},
{
"name": "18123",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18123"
},
{
"name": "freebsd-devfs-gain-privileges(21451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21451"
},
{
"name": "16145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16145"
},
{
"name": "1014536",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014536"
},
{
"name": "FreeBSD-SA-05:17",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2218",
"datePublished": "2005-07-26T04:00:00",
"dateReserved": "2005-07-12T00:00:00",
"dateUpdated": "2024-08-07T22:22:47.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0040 (GCVE-0-1999-0040)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:56.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:29:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0040",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:56.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0883 (GCVE-0-2006-0883)
Vulnerability from cvelistv5
Published
2006-03-07 02:00
Modified
2024-08-07 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0805 | vdb-entry, x_refsource_VUPEN | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/23797 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1015706 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/520 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/16892 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 | vdb-entry, x_refsource_XF | |
| http://bugzilla.mindrot.org/show_bug.cgi?id=839 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0805",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"name": "FreeBSD-SA-06:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"name": "23797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23797"
},
{
"name": "1015706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015706"
},
{
"name": "520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/520"
},
{
"name": "16892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16892"
},
{
"name": "openssh-openpam-dos(25116)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "ADV-2006-0805",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"name": "FreeBSD-SA-06:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"name": "23797",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23797"
},
{
"name": "1015706",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015706"
},
{
"name": "520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/520"
},
{
"name": "16892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16892"
},
{
"name": "openssh-openpam-dos(25116)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0805",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0805"
},
{
"name": "FreeBSD-SA-06:09",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc"
},
{
"name": "23797",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23797"
},
{
"name": "1015706",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015706"
},
{
"name": "520",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/520"
},
{
"name": "16892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16892"
},
{
"name": "openssh-openpam-dos(25116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25116"
},
{
"name": "http://bugzilla.mindrot.org/show_bug.cgi?id=839",
"refsource": "CONFIRM",
"url": "http://bugzilla.mindrot.org/show_bug.cgi?id=839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0883",
"datePublished": "2006-03-07T02:00:00",
"dateReserved": "2006-02-24T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5599 (GCVE-0-2019-5599)
Vulnerability from cvelistv5
Published
2019-07-02 20:02
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel resource exhaustion in network stack
Summary
In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/06/17/5 | mailing-list, x_refsource_MLIST | |
| https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html | x_refsource_MISC | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://www.kb.cert.org/vuls/id/905115 | third-party-advisory, x_refsource_CERT-VN | |
| https://seclists.org/bugtraq/2019/Jun/27 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html | x_refsource_MISC | |
| https://support.f5.com/csp/article/K75521003 | x_refsource_MISC | |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20190625-0004/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190617 Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/17/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html"
},
{
"name": "FreeBSD-SA-19:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc"
},
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "20190624 FreeBSD Security Advisory FreeBSD-SA-19:08.rack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K75521003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.0 before 12.0-RELEASE-p6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel resource exhaustion in network stack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-02T20:09:11",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "[oss-security] 20190617 Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/17/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html"
},
{
"name": "FreeBSD-SA-19:08",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc"
},
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "20190624 FreeBSD Security Advisory FreeBSD-SA-19:08.rack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K75521003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.0 before 12.0-RELEASE-p6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel resource exhaustion in network stack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190617 Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/17/5"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"name": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html"
},
{
"name": "FreeBSD-SA-19:08",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc"
},
{
"name": "VU#905115",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "20190624 FreeBSD Security Advisory FreeBSD-SA-19:08.rack",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/27"
},
{
"name": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html"
},
{
"name": "https://support.f5.com/csp/article/K75521003",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K75521003"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0004/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20190625-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5599",
"datePublished": "2019-07-02T20:02:17",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5602 (GCVE-0-2019-5602)
Vulnerability from cvelistv5
Published
2019-07-03 18:52
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege escalation
Summary
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-19:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T19:06:06",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-19:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-19:11",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:11.cd_ioctl.asc"
},
{
"name": "http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153522/FreeBSD-Security-Advisory-FreeBSD-SA-19-11.cd_ioctl.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5602",
"datePublished": "2019-07-03T18:52:45",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25583 (GCVE-0-2020-25583)
Vulnerability from cvelistv5
Published
2021-03-29 19:53
Modified
2024-08-04 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-bounds write
Summary
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210423-0004/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label\u0027s length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:27",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-25583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label\u0027s length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-25583",
"datePublished": "2021-03-29T19:53:57",
"dateReserved": "2020-09-14T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1881 (GCVE-0-2016-1881)
Vulnerability from cvelistv5
Published
2017-02-15 15:00
Modified
2024-08-05 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034676 | vdb-entry, x_refsource_SECTRACK | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1034676",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034676"
},
{
"name": "FreeBSD-SA-16:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-29T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1034676",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034676"
},
{
"name": "FreeBSD-SA-16:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1034676",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034676"
},
{
"name": "FreeBSD-SA-16:04",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1881",
"datePublished": "2017-02-15T15:00:00",
"dateReserved": "2016-01-13T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5609 (GCVE-0-2019-5609)
Vulnerability from cvelistv5
Published
2019-08-29 21:54
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper input validation
Summary
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190910-0002/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 12.0-RELEASE-p9"
},
{
"status": "affected",
"version": "before 11.3-RELEASE-p2"
},
{
"status": "affected",
"version": "and before 11.2-RELEASE-p13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T14:06:14",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "before 12.0-RELEASE-p9"
},
{
"version_value": "before 11.3-RELEASE-p2"
},
{
"version_value": "and before 11.2-RELEASE-p13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5609",
"datePublished": "2019-08-29T21:54:42",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1402 (GCVE-0-1999-1402)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-01 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/7172.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/456 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=87602248718482&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=87602167418317&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:03.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-domain-socket-permissions(7172)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7172.php"
},
{
"name": "456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/456"
},
{
"name": "19971003 Solaris 2.6 and sockets",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602248718482\u0026w=2"
},
{
"name": "19970517 UNIX domain socket (Solarisx86 2.5)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418317\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-domain-socket-permissions(7172)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7172.php"
},
{
"name": "456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/456"
},
{
"name": "19971003 Solaris 2.6 and sockets",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602248718482\u0026w=2"
},
{
"name": "19970517 UNIX domain socket (Solarisx86 2.5)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418317\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-domain-socket-permissions(7172)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7172.php"
},
{
"name": "456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/456"
},
{
"name": "19971003 Solaris 2.6 and sockets",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602248718482\u0026w=2"
},
{
"name": "19970517 UNIX domain socket (Solarisx86 2.5)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418317\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1402",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:03.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0309 (GCVE-0-2017-0309)
Vulnerability from cvelistv5
Published
2017-02-15 23:00
Modified
2024-08-05 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service and possible Escalation of Privileges
Summary
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4398 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GPU Display Driver |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:56.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPU Display Driver",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service and possible Escalation of Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-15T22:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-0309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service and possible Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2017-0309",
"datePublished": "2017-02-15T23:00:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-05T13:03:56.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6920 (GCVE-0-2018-6920)
Vulnerability from cvelistv5
Published
2018-05-08 19:00
Modified
2024-09-16 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel memory disclosure
Summary
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104114 | vdb-entry, x_refsource_BID | |
| https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:16.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "All supported versions of FreeBSD."
}
]
}
],
"datePublic": "2018-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel memory disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "104114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2018-05-08T00:00:00",
"ID": "CVE-2018-6920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "All supported versions of FreeBSD."
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104114"
},
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-6920",
"datePublished": "2018-05-08T19:00:00Z",
"dateReserved": "2018-02-12T00:00:00",
"dateUpdated": "2024-09-16T16:17:45.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0128 (GCVE-0-2001-0128)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6284 | vdb-entry, x_refsource_OSVDB | |
| http://www.redhat.com/support/errata/RHSA-2000-127.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5777 | vdb-entry, x_refsource_XF | |
| http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.debian.org/security/2000/20001219 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6284"
},
{
"name": "RHSA-2000:127",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
},
{
"name": "zope-calculate-roles(5777)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
},
{
"name": "MDKSA-2000-083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
},
{
"name": "FreeBSD-SA-01:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
},
{
"name": "CLA-2000:365",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
},
{
"name": "DSA-006-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2000/20001219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6284",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6284"
},
{
"name": "RHSA-2000:127",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
},
{
"name": "zope-calculate-roles(5777)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
},
{
"name": "MDKSA-2000-083",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
},
{
"name": "FreeBSD-SA-01:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
},
{
"name": "CLA-2000:365",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
},
{
"name": "DSA-006-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2000/20001219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6284",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6284"
},
{
"name": "RHSA-2000:127",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
},
{
"name": "zope-calculate-roles(5777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
},
{
"name": "MDKSA-2000-083",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
},
{
"name": "FreeBSD-SA-01:06",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
},
{
"name": "CLA-2000:365",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
},
{
"name": "DSA-006-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0128",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-02-06T00:00:00",
"dateUpdated": "2024-08-08T04:06:55.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0915 (GCVE-0-2000-0915)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/433 | vdb-entry, x_refsource_OSVDB | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1803 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5385 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/433"
},
{
"name": "FreeBSD-SA-00:54",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc"
},
{
"name": "20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html"
},
{
"name": "1803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1803"
},
{
"name": "freebsd-fingerd-files(5385)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/433"
},
{
"name": "FreeBSD-SA-00:54",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc"
},
{
"name": "20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html"
},
{
"name": "1803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1803"
},
{
"name": "freebsd-fingerd-files(5385)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5385"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "433",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/433"
},
{
"name": "FreeBSD-SA-00:54",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc"
},
{
"name": "20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html"
},
{
"name": "1803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1803"
},
{
"name": "freebsd-fingerd-files(5385)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5385"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0915",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0829 (GCVE-0-2002-0829)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/5399 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=102865404413458&w=2 | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/5073 | vdb-entry, x_refsource_OSVDB | |
| http://www.iss.net/security_center/static/9771.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:48.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5399",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5399"
},
{
"name": "FreeBSD-SA-02:35.ffs",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102865404413458\u0026w=2"
},
{
"name": "5073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5073"
},
{
"name": "freebsd-ffs-integer-overflow(9771)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9771.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5399",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5399"
},
{
"name": "FreeBSD-SA-02:35.ffs",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102865404413458\u0026w=2"
},
{
"name": "5073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5073"
},
{
"name": "freebsd-ffs-integer-overflow(9771)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9771.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5399"
},
{
"name": "FreeBSD-SA-02:35.ffs",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq\u0026m=102865404413458\u0026w=2"
},
{
"name": "5073",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5073"
},
{
"name": "freebsd-ffs-integer-overflow(9771)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9771.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0829",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-06T00:00:00",
"dateUpdated": "2024-08-08T03:03:48.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39281 (GCVE-0-2024-39281)
Vulnerability from cvelistv5
Published
2024-11-12 15:01
Modified
2025-01-10 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:09:13.996777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:19:19.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-10T13:06:46.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250110-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"bhyve"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p6",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p2",
"status": "affected",
"version": "13.4-RELEASE",
"versionType": "release"
},
{
"lessThan": "p8",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-10-29T21:32:58.000Z",
"descriptions": [
{
"lang": "en",
"value": "The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel\u0027s memory allocator."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:01:57.151Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc"
}
],
"title": "Unbounded allocation in ctl(4) CAM Target Layer"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-39281",
"datePublished": "2024-11-12T15:01:57.151Z",
"dateReserved": "2024-08-27T16:30:55.986Z",
"dateUpdated": "2025-01-10T13:06:46.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1166 (GCVE-0-2001-1166)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/1938 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/3217 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/7017.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:08.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-01:55",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc"
},
{
"name": "1938",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1938"
},
{
"name": "3217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3217"
},
{
"name": "linprocfs-process-memory-leak(7017)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7017.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-01:55",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc"
},
{
"name": "1938",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1938"
},
{
"name": "3217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3217"
},
{
"name": "linprocfs-process-memory-leak(7017)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7017.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-01:55",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc"
},
{
"name": "1938",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1938"
},
{
"name": "3217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3217"
},
{
"name": "linprocfs-process-memory-leak(7017)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7017.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1166",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:08.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1187 (GCVE-0-1999-1187)
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=87602167419803&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/416 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:02:53.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19960826 [BUG] Vulnerability in PINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167419803\u0026w=2"
},
{
"name": "pine-tmpfile(416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19960826 [BUG] Vulnerability in PINE",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167419803\u0026w=2"
},
{
"name": "pine-tmpfile(416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19960826 [BUG] Vulnerability in PINE",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167419803\u0026w=2"
},
{
"name": "pine-tmpfile(416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1187",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:02:53.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1084 (GCVE-0-2017-1084)
Vulnerability from cvelistv5
Published
2018-09-12 14:00
Modified
2024-09-16 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Userspace stack overflow
Summary
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/42277/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/42278/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42277",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42277/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name": "42278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42278/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "before 11.2-RELEASE"
}
]
}
],
"datePublic": "2017-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Userspace stack overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-13T09:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "42277",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42277/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name": "42278",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42278/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "before 11.2-RELEASE"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Userspace stack overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42277",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42277/"
},
{
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name": "42278",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42278/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2017-1084",
"datePublished": "2018-09-12T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:37:51.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5597 (GCVE-0-2019-5597)
Vulnerability from cvelistv5
Published
2019-05-15 15:27
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Check for Unusual or Exceptional Conditions
Summary
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc | x_refsource_MISC | |
| https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf | x_refsource_MISC | |
| http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108395 | vdb-entry, x_refsource_BID | |
| https://security.netapp.com/advisory/ntap-20190611-0001/ | x_refsource_CONFIRM | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"
},
{
"name": "108395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190611-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:31:53",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"
},
{
"name": "108395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190611-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"
},
{
"name": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf",
"refsource": "MISC",
"url": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"
},
{
"name": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"
},
{
"name": "108395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108395"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190611-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190611-0001/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5597",
"datePublished": "2019-05-15T15:27:22",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0584 (GCVE-0-2000-0584)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/1445 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/4912 | vdb-entry, x_refsource_XF | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1 | vendor-advisory, x_refsource_FREEBSD | |
| http://shadowpenguin.backsection.net/advisories/advisory038.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1445",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1445"
},
{
"name": "canna-bin-execute-bo(4912)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4912"
},
{
"name": "FreeBSD-SA-00:31",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shadowpenguin.backsection.net/advisories/advisory038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1445",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1445"
},
{
"name": "canna-bin-execute-bo(4912)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4912"
},
{
"name": "FreeBSD-SA-00:31",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shadowpenguin.backsection.net/advisories/advisory038.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1445"
},
{
"name": "canna-bin-execute-bo(4912)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4912"
},
{
"name": "FreeBSD-SA-00:31",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1"
},
{
"name": "http://shadowpenguin.backsection.net/advisories/advisory038.html",
"refsource": "MISC",
"url": "http://shadowpenguin.backsection.net/advisories/advisory038.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0584",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-07-19T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1056 (GCVE-0-2006-1056)
Vulnerability from cvelistv5
Published
2006-04-20 10:00
Modified
2024-08-07 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9995",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911"
},
{
"name": "RHSA-2006:0437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name": "22876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22876"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9"
},
{
"name": "19735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19735"
},
{
"name": "ADV-2006-4502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "ADV-2006-2554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910"
},
{
"name": "RHSA-2006:0579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html"
},
{
"name": "20716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20716"
},
{
"name": "22875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22875"
},
{
"name": "FEDORA-2006-423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lwn.net/Alerts/180820/"
},
{
"name": "21136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21136"
},
{
"name": "USN-302-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/kb/2533126"
},
{
"name": "24746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24746"
},
{
"name": "24807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24807"
},
{
"name": "21983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21983"
},
{
"name": "ADV-2006-4353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4353"
},
{
"name": "21035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21035"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html"
},
{
"name": "DSA-1097",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1097"
},
{
"name": "RHSA-2006:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name": "SUSE-SA:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451421/100/0/threaded"
},
{
"name": "ADV-2006-1426",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1426"
},
{
"name": "19715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19715"
},
{
"name": "1015966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015966"
},
{
"name": "20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431341"
},
{
"name": "17600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17600"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name": "DSA-1103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html"
},
{
"name": "FreeBSD-SA-06:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc"
},
{
"name": "21465",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21465"
},
{
"name": "SUSE-SU-2014:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "[linux-kernel] 20060419 RE: Linux 2.6.16.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=114548768214478\u0026w=2"
},
{
"name": "ADV-2006-1475",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded"
},
{
"name": "amd-fpu-information-disclosure(25871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "20398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20398"
},
{
"name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt"
},
{
"name": "22417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22417"
},
{
"name": "19724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19724"
},
{
"name": "20671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20671"
},
{
"name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded"
},
{
"name": "20914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9995",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911"
},
{
"name": "RHSA-2006:0437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0437.html"
},
{
"name": "22876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22876"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9"
},
{
"name": "19735",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19735"
},
{
"name": "ADV-2006-4502",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "ADV-2006-2554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910"
},
{
"name": "RHSA-2006:0579",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html"
},
{
"name": "20716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20716"
},
{
"name": "22875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22875"
},
{
"name": "FEDORA-2006-423",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lwn.net/Alerts/180820/"
},
{
"name": "21136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21136"
},
{
"name": "USN-302-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/kb/2533126"
},
{
"name": "24746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24746"
},
{
"name": "24807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24807"
},
{
"name": "21983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21983"
},
{
"name": "ADV-2006-4353",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4353"
},
{
"name": "21035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21035"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html"
},
{
"name": "DSA-1097",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1097"
},
{
"name": "RHSA-2006:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name": "SUSE-SA:2006:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451421/100/0/threaded"
},
{
"name": "ADV-2006-1426",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1426"
},
{
"name": "19715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19715"
},
{
"name": "1015966",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015966"
},
{
"name": "20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431341"
},
{
"name": "17600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17600"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm"
},
{
"name": "DSA-1103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html"
},
{
"name": "FreeBSD-SA-06:14",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc"
},
{
"name": "21465",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21465"
},
{
"name": "SUSE-SU-2014:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "[linux-kernel] 20060419 RE: Linux 2.6.16.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=114548768214478\u0026w=2"
},
{
"name": "ADV-2006-1475",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded"
},
{
"name": "amd-fpu-information-disclosure(25871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "20398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20398"
},
{
"name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt"
},
{
"name": "22417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22417"
},
{
"name": "19724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19724"
},
{
"name": "20671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20671"
},
{
"name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded"
},
{
"name": "20914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20914"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-1056",
"datePublished": "2006-04-20T10:00:00",
"dateReserved": "2006-03-07T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6111 (GCVE-0-2019-6111)
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"name": "106741",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106741"
},
{
"tags": [
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"name": "USN-3885-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3885-2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"
},
{
"tags": [
"x_transferred"
],
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "46193",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"
},
{
"name": "FEDORA-2019-0f4190cdb0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1602",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"name": "FreeBSD-EN-19:10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"
},
{
"name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4387",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4387"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190213-0001/"
},
{
"name": "106741",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106741"
},
{
"url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c"
},
{
"name": "USN-3885-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3885-1/"
},
{
"name": "USN-3885-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3885-2/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677794"
},
{
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name": "46193",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46193/"
},
{
"name": "GLSA-201903-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201903-16"
},
{
"name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html"
},
{
"name": "[oss-security] 20190417 Announce: OpenSSH 8.0 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/18/1"
},
{
"name": "FEDORA-2019-0f4190cdb0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/"
},
{
"name": "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E"
},
{
"name": "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1602",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html"
},
{
"name": "FreeBSD-EN-19:10",
"tags": [
"vendor-advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc"
},
{
"name": "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "RHSA-2019:3702",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3702"
},
{
"name": "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/02/1"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6111",
"datePublished": "2019-01-31T00:00:00",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2654 (GCVE-0-2006-2654)
Vulnerability from cvelistv5
Published
2006-06-02 01:00
Modified
2024-08-07 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/25851 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/20390 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/18202 | vdb-entry, x_refsource_BID | |
| http://security.freebsd.org/advisories/FreeBSD-SA-06:16.smbfs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://securitytracker.com/id?1016194 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26860 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25851"
},
{
"name": "20390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20390"
},
{
"name": "18202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18202"
},
{
"name": "FreeBSD-SA-06:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:16.smbfs.asc"
},
{
"name": "1016194",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016194"
},
{
"name": "freebsd-smbfs-directory-traversal(26860)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "25851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25851"
},
{
"name": "20390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20390"
},
{
"name": "18202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18202"
},
{
"name": "FreeBSD-SA-06:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:16.smbfs.asc"
},
{
"name": "1016194",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016194"
},
{
"name": "freebsd-smbfs-directory-traversal(26860)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via \"..\\\\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25851",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25851"
},
{
"name": "20390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20390"
},
{
"name": "18202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18202"
},
{
"name": "FreeBSD-SA-06:16",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:16.smbfs.asc"
},
{
"name": "1016194",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016194"
},
{
"name": "freebsd-smbfs-directory-traversal(26860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-2654",
"datePublished": "2006-06-02T01:00:00",
"dateReserved": "2006-05-30T00:00:00",
"dateUpdated": "2024-08-07T17:58:51.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4147 (GCVE-0-2009-4147)
Vulnerability from cvelistv5
Published
2009-12-02 19:00
Modified
2024-08-07 06:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/37154 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/508146/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/37517 | third-party-advisory, x_refsource_SECUNIA | |
| http://people.freebsd.org/~cperciva/rtld.patch | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/508142/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1023250 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37154"
},
{
"name": "20091201 Upcoming FreeBSD Security Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508146/100/0/threaded"
},
{
"name": "37517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37517"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://people.freebsd.org/~cperciva/rtld.patch"
},
{
"name": "20091130 ** FreeBSD local r00t zeroday",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508142/100/0/threaded"
},
{
"name": "1023250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023250"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T02:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37154"
},
{
"name": "20091201 Upcoming FreeBSD Security Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508146/100/0/threaded"
},
{
"name": "37517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37517"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://people.freebsd.org/~cperciva/rtld.patch"
},
{
"name": "20091130 ** FreeBSD local r00t zeroday",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508142/100/0/threaded"
},
{
"name": "1023250",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023250"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37154"
},
{
"name": "20091201 Upcoming FreeBSD Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508146/100/0/threaded"
},
{
"name": "37517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37517"
},
{
"name": "http://people.freebsd.org/~cperciva/rtld.patch",
"refsource": "CONFIRM",
"url": "http://people.freebsd.org/~cperciva/rtld.patch"
},
{
"name": "20091130 ** FreeBSD local r00t zeroday",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508142/100/0/threaded"
},
{
"name": "1023250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023250"
},
{
"name": "http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152997/FreeBSD-rtld-execl-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4147",
"datePublished": "2009-12-02T19:00:00",
"dateReserved": "2009-12-01T00:00:00",
"dateUpdated": "2024-08-07T06:54:09.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2895 (GCVE-0-2011-2895)
Vulnerability from cvelistv5
Published
2011-08-19 17:00
Modified
2024-08-06 23:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205635"
},
{
"name": "RHSA-2011:1154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1154.html"
},
{
"name": "USN-1191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1191-1"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760"
},
{
"name": "45544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "APPLE-SA-2015-12-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
},
{
"name": "MDVSA-2011:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153"
},
{
"name": "49124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49124"
},
{
"name": "45599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45599"
},
{
"name": "RHSA-2011:1155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1155.html"
},
{
"name": "1025920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025920"
},
{
"name": "openSUSE-SU-2011:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html"
},
{
"name": "APPLE-SA-2015-12-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
},
{
"name": "SUSE-SU-2011:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html"
},
{
"name": "46127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46127"
},
{
"name": "45986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45986"
},
{
"name": "RHSA-2011:1161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1161.html"
},
{
"name": "RHSA-2011:1834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1834.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17"
},
{
"name": "xorg-lzw-bo(69141)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141"
},
{
"name": "APPLE-SA-2015-12-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
},
{
"name": "45568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45568"
},
{
"name": "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205641"
},
{
"name": "NetBSD-SA2011-007",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0"
},
{
"name": "48951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48951"
},
{
"name": "APPLE-SA-2015-12-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "DSA-2293",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2293"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205635"
},
{
"name": "RHSA-2011:1154",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1154.html"
},
{
"name": "USN-1191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1191-1"
},
{
"name": "[oss-security] 20110810 LZW decompression issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/10/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=725760"
},
{
"name": "45544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "APPLE-SA-2015-12-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
},
{
"name": "MDVSA-2011:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:153"
},
{
"name": "49124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49124"
},
{
"name": "45599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45599"
},
{
"name": "RHSA-2011:1155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1155.html"
},
{
"name": "1025920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025920"
},
{
"name": "openSUSE-SU-2011:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html"
},
{
"name": "APPLE-SA-2015-12-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
},
{
"name": "SUSE-SU-2011:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html"
},
{
"name": "46127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46127"
},
{
"name": "45986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45986"
},
{
"name": "RHSA-2011:1161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1161.html"
},
{
"name": "RHSA-2011:1834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1834.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17"
},
{
"name": "xorg-lzw-bo(69141)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69141"
},
{
"name": "APPLE-SA-2015-12-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
},
{
"name": "45568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45568"
},
{
"name": "[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205641"
},
{
"name": "NetBSD-SA2011-007",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0"
},
{
"name": "48951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48951"
},
{
"name": "APPLE-SA-2015-12-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "DSA-2293",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2293"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=727624"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2895",
"datePublished": "2011-08-19T17:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0062 (GCVE-0-2002-0062)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2116 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2002/dsa-113 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.redhat.com/support/errata/RHSA-2002-020.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/8222.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2116",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2116"
},
{
"name": "DSA-113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-113"
},
{
"name": "RHSA-2002:020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-020.html"
},
{
"name": "gnu-ncurses-window-bo(8222)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8222.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to \"routines for moving the physical cursor and scrolling.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-19T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2116",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2116"
},
{
"name": "DSA-113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-113"
},
{
"name": "RHSA-2002:020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-020.html"
},
{
"name": "gnu-ncurses-window-bo(8222)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8222.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to \"routines for moving the physical cursor and scrolling.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2116"
},
{
"name": "DSA-113",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-113"
},
{
"name": "RHSA-2002:020",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-020.html"
},
{
"name": "gnu-ncurses-window-bo(8222)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8222.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0062",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-02-13T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1230 (GCVE-0-2003-1230)
Vulnerability from cvelistv5
Published
2005-08-17 04:00
Modified
2024-08-08 02:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/19785 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11397 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/6920 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/8142/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/advisories/5013 | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19785",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19785"
},
{
"name": "freebsd-syncookie-brute-force(11397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11397"
},
{
"name": "6920",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6920"
},
{
"name": "8142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8142/"
},
{
"name": "FreeBSD-SA-03:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/5013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19785",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19785"
},
{
"name": "freebsd-syncookie-brute-force(11397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11397"
},
{
"name": "6920",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6920"
},
{
"name": "8142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8142/"
},
{
"name": "FreeBSD-SA-03:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.securityfocus.com/advisories/5013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19785",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19785"
},
{
"name": "freebsd-syncookie-brute-force(11397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11397"
},
{
"name": "6920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6920"
},
{
"name": "8142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8142/"
},
{
"name": "FreeBSD-SA-03:03",
"refsource": "FREEBSD",
"url": "http://www.securityfocus.com/advisories/5013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1230",
"datePublished": "2005-08-17T04:00:00",
"dateReserved": "2005-08-17T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3048 (GCVE-0-2009-3048)
Vulnerability from cvelistv5
Published
2009-09-02 17:00
Modified
2024-08-07 06:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.opera.com/docs/changelogs/freebsd/1000/ | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.opera.com/docs/changelogs/solaris/1000/ | x_refsource_CONFIRM | |
| http://www.opera.com/docs/changelogs/linux/1000/ | x_refsource_CONFIRM | |
| http://www.opera.com/support/kb/view/931/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/freebsd/1000/"
},
{
"name": "oval:org.mitre.oval:def:5679",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/solaris/1000/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/linux/1000/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/kb/view/931/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the \"INPUT TYPE=file\" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a \"dropped file.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/freebsd/1000/"
},
{
"name": "oval:org.mitre.oval:def:5679",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/solaris/1000/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/linux/1000/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/kb/view/931/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the \"INPUT TYPE=file\" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a \"dropped file.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/freebsd/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/freebsd/1000/"
},
{
"name": "oval:org.mitre.oval:def:5679",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679"
},
{
"name": "http://www.opera.com/docs/changelogs/solaris/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/solaris/1000/"
},
{
"name": "http://www.opera.com/docs/changelogs/linux/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/linux/1000/"
},
{
"name": "http://www.opera.com/support/kb/view/931/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/931/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3048",
"datePublished": "2009-09-02T17:00:00",
"dateReserved": "2009-09-02T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15878 (GCVE-0-2019-15878)
Vulnerability from cvelistv5
Published
2020-05-13 15:38
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free
Summary
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200518-0007/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:31.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 11.3-RELEASE before p9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-18T04:06:19",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-15878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 11.3-RELEASE before p9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200518-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200518-0007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-15878",
"datePublished": "2020-05-13T15:38:05",
"dateReserved": "2019-09-03T00:00:00",
"dateUpdated": "2024-08-05T01:03:31.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1283 (GCVE-0-2006-1283)
Vulnerability from cvelistv5
Published
2006-03-23 20:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25397 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015817 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/17194 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://secunia.com/advisories/19347 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/24067 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2006/1074 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bsd-opie-unauthorized-privileges(25397)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25397"
},
{
"name": "1015817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015817"
},
{
"name": "17194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17194"
},
{
"name": "FreeBSD-SA-06:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc"
},
{
"name": "19347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19347"
},
{
"name": "24067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24067"
},
{
"name": "ADV-2006-1074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "bsd-opie-unauthorized-privileges(25397)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25397"
},
{
"name": "1015817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015817"
},
{
"name": "17194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17194"
},
{
"name": "FreeBSD-SA-06:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc"
},
{
"name": "19347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19347"
},
{
"name": "24067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24067"
},
{
"name": "ADV-2006-1074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-1283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bsd-opie-unauthorized-privileges(25397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25397"
},
{
"name": "1015817",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015817"
},
{
"name": "17194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17194"
},
{
"name": "FreeBSD-SA-06:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc"
},
{
"name": "19347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19347"
},
{
"name": "24067",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24067"
},
{
"name": "ADV-2006-1074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-1283",
"datePublished": "2006-03-23T20:00:00",
"dateReserved": "2006-03-19T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3326 (GCVE-0-2023-3326)
Vulnerability from cvelistv5
Published
2023-06-22 16:37
Modified
2024-12-05 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Summary
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04.pam_krb5.asc | vendor-advisory | |
| https://security.netapp.com/advisory/ntap-20230714-0005/ | third-party-advisory | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04.pam_krb5.asc"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230714-0005/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T17:45:11.407919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T17:45:19.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"pam_krb5"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "13.2-RELEASE-p1",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
},
{
"lessThan": "13.1-RELEASE-p8",
"status": "affected",
"version": "13.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "12.4-RELEASE-p3",
"status": "affected",
"version": "12.4-RELEASE",
"versionType": "release"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eExposure only occurs if pam_krb5 is enabled in the PAM configuration, an /etc/krb5.conf is installed, and the system does not have a system keytab.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eFor FreeBSD, the default installation has pam_krb5 commented out and does not have an /etc/krb5.conf.\u003c/div\u003e"
}
],
"value": "Exposure only occurs if pam_krb5 is enabled in the PAM configuration, an /etc/krb5.conf is installed, and the system does not have a system keytab.\n\n\n\n\nFor FreeBSD, the default installation has pam_krb5 commented out and does not have an /etc/krb5.conf.\n\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Taylor R Campbell \u003criastradh@NetBSD.org\u003e"
}
],
"datePublic": "2023-06-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.\u003cbr\u003e"
}
],
"value": "pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T22:40:58.267Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04.pam_krb5.asc"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230714-0005/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc"
}
],
"source": {
"advisory": "FreeBSD-SA-23:04.pam_krb5",
"discovery": "UNKNOWN"
},
"title": "Network authentication attack via pam_krb5",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If you are not using Kerberos at all, ensure /etc/krb5.conf is missing from your system. Additionally, ensure pam_krb5 is commented out of your PAM configuration located as documented in pam.conf(5), generally /etc/pam.d. Note, the default FreeBSD PAM configuration has pam_krb5 commented out.\u003cbr\u003e\u003cbr\u003eIf you are using Kerberos, but not using pam_krb5, ensure pam_krb5 is commented out of your PAM configuration located as documented in pam.conf(5), generally /etc/pam.d. Note, the default FreeBSD PAM configuration has pam_krb5 commented out.\u003cbr\u003e\u003cbr\u003eIf you are using pam_krb5, ensure you have a keytab on your system as provided by your Kerberos administrator.\u003cbr\u003e"
}
],
"value": "If you are not using Kerberos at all, ensure /etc/krb5.conf is missing from your system. Additionally, ensure pam_krb5 is commented out of your PAM configuration located as documented in pam.conf(5), generally /etc/pam.d. Note, the default FreeBSD PAM configuration has pam_krb5 commented out.\n\nIf you are using Kerberos, but not using pam_krb5, ensure pam_krb5 is commented out of your PAM configuration located as documented in pam.conf(5), generally /etc/pam.d. Note, the default FreeBSD PAM configuration has pam_krb5 commented out.\n\nIf you are using pam_krb5, ensure you have a keytab on your system as provided by your Kerberos administrator.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-3326",
"datePublished": "2023-06-22T16:37:51.360Z",
"dateReserved": "2023-06-19T16:14:36.133Z",
"dateUpdated": "2024-12-05T17:45:19.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3530 (GCVE-0-2008-3530)
Vulnerability from cvelistv5
Published
2008-09-05 16:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NetBSD-SA2008-015",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc"
},
{
"name": "31745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31745"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3467"
},
{
"name": "FreeBSD-SA-08:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "1021111",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021111"
},
{
"name": "freebsd-icmp6mtudiscupdate-dos(44908)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44908"
},
{
"name": "31004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31004"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "1020820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020820"
},
{
"name": "32401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32401"
},
{
"name": "ADV-2009-0633",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "NetBSD-SA2008-015",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc"
},
{
"name": "31745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31745"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3467"
},
{
"name": "FreeBSD-SA-08:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "1021111",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021111"
},
{
"name": "freebsd-icmp6mtudiscupdate-dos(44908)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44908"
},
{
"name": "31004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31004"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "1020820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020820"
},
{
"name": "32401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32401"
},
{
"name": "ADV-2009-0633",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "NetBSD-SA2008-015",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc"
},
{
"name": "31745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31745"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://support.apple.com/kb/HT3467",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3467"
},
{
"name": "FreeBSD-SA-08:09",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "1021111",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021111"
},
{
"name": "freebsd-icmp6mtudiscupdate-dos(44908)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44908"
},
{
"name": "31004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31004"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "1020820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020820"
},
{
"name": "32401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32401"
},
{
"name": "ADV-2009-0633",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3530",
"datePublished": "2008-09-05T16:00:00",
"dateReserved": "2008-08-07T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5370 (GCVE-0-2023-5370)
Vulnerability from cvelistv5
Published
2023-10-04 03:59
Modified
2025-02-13 17:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-665 - Improper Initialization
Summary
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:43.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231124-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T19:39:59.332598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:40:47.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"arm64"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.\u003c/p\u003e"
}
],
"value": "On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T09:06:43.272Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "arm64 boot CPUs may lack speculative execution protections",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-5370",
"datePublished": "2023-10-04T03:59:45.199Z",
"dateReserved": "2023-10-03T21:26:17.789Z",
"dateUpdated": "2025-02-13T17:20:10.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25578 (GCVE-0-2020-25578)
Vulnerability from cvelistv5
Published
2021-03-26 20:44
Modified
2024-08-04 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper initialization
Summary
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210423-0002/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p3, 12.1-RELEASE before p13, 11.4-RELEASE before p7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper initialization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:25",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-25578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p3, 12.1-RELEASE before p13, 11.4-RELEASE before p7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-25578",
"datePublished": "2021-03-26T20:44:43",
"dateReserved": "2020-09-14T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6834 (GCVE-0-2013-6834)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131115 XADV-2013006 FreeBSD \u003c= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131115 XADV-2013006 FreeBSD \u003c= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131115 XADV-2013006 FreeBSD \u003c= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6834",
"datePublished": "2013-11-21T02:00:00",
"dateReserved": "2013-11-20T00:00:00",
"dateUpdated": "2024-08-06T17:46:23.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0099 (GCVE-0-2004-0099)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/3790 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15005 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/9533 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:02.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-04:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc"
},
{
"name": "3790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3790"
},
{
"name": "freebsd-mksnapffs-bypass-security(15005)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15005"
},
{
"name": "9533",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-04:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc"
},
{
"name": "3790",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3790"
},
{
"name": "freebsd-mksnapffs-bypass-security(15005)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15005"
},
{
"name": "9533",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-04:01",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc"
},
{
"name": "3790",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3790"
},
{
"name": "freebsd-mksnapffs-bypass-security(15005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15005"
},
{
"name": "9533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0099",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-01-29T00:00:00",
"dateUpdated": "2024-08-08T00:10:02.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4755 (GCVE-0-2010-4755)
Vulnerability from cvelistv5
Published
2011-03-02 19:00
Modified
2024-08-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
References
| ▼ | URL | Tags |
|---|---|---|
| http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1 | x_refsource_CONFIRM | |
| http://securityreason.com/achievement_securityalert/89 | third-party-advisory, x_refsource_SREASONRES | |
| http://securityreason.com/exploitalert/9223 | x_refsource_MISC | |
| http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 | x_refsource_CONFIRM | |
| http://cxib.net/stuff/glob-0day.c | x_refsource_MISC | |
| http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| http://securityreason.com/securityalert/8116 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:34.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityreason.com/exploitalert/9223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"name": "NetBSD-SA2010-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"name": "8116",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityreason.com/exploitalert/9223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"name": "NetBSD-SA2010-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"name": "8116",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1"
},
{
"name": "20101007 Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/89"
},
{
"name": "http://securityreason.com/exploitalert/9223",
"refsource": "MISC",
"url": "http://securityreason.com/exploitalert/9223"
},
{
"name": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1"
},
{
"name": "http://cxib.net/stuff/glob-0day.c",
"refsource": "MISC",
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"name": "NetBSD-SA2010-008",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc"
},
{
"name": "8116",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4755",
"datePublished": "2011-03-02T19:00:00",
"dateReserved": "2011-03-02T00:00:00",
"dateUpdated": "2024-08-07T03:55:34.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3449 (GCVE-0-2021-3449)
Vulnerability from cvelistv5
Published
2021-03-25 14:25
Modified
2024-09-17 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NULL pointer dereference
Summary
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
},
{
"name": "DSA-4875",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"name": "GLSA-202103-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"name": "FEDORA-2021-cbf14ab8f9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
},
{
"name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter K\u00e4stle (Nokia) and Samuel Sapalski (Nokia)"
}
],
"datePublic": "2021-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:05:57.096577",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
},
{
"name": "DSA-4875",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"name": "GLSA-202103-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"name": "FEDORA-2021-cbf14ab8f9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
},
{
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
},
{
"name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2751-1] postgresql-9.6 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "NULL pointer deref in signature_algorithms processing"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2021-3449",
"datePublished": "2021-03-25T14:25:13.659307Z",
"dateReserved": "2021-03-17T00:00:00",
"dateUpdated": "2024-09-17T03:43:55.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1518 (GCVE-0-1999-1518)
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/526 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=93207728118694&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/2351 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:18:07.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/526"
},
{
"name": "19990715 Shared memory DoS\u0027s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93207728118694\u0026w=2"
},
{
"name": "bsd-shared-memory-dos(2351)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2351"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/526"
},
{
"name": "19990715 Shared memory DoS\u0027s",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=93207728118694\u0026w=2"
},
{
"name": "bsd-shared-memory-dos(2351)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2351"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/526"
},
{
"name": "19990715 Shared memory DoS\u0027s",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=93207728118694\u0026w=2"
},
{
"name": "bsd-shared-memory-dos(2351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2351"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1518",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:18:07.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0356 (GCVE-0-2005-0356)
Vulnerability from cvelistv5
Published
2005-05-31 04:00
Modified
2024-08-07 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20635 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/15393 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/637934 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/15417/ | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/18662 | third-party-advisory, x_refsource_SECUNIA | |
| ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt | vendor-advisory, x_refsource_SCO | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/13676 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml | vendor-advisory, x_refsource_CISCO | |
| http://secunia.com/advisories/18222 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "tcp-ip-timestamp-dos(20635)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
},
{
"name": "15393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15393"
},
{
"name": "VU#637934",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"name": "15417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15417/"
},
{
"name": "18662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18662"
},
{
"name": "SCOSA-2005.64",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"name": "FreeBSD-SA-05:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"name": "13676",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13676"
},
{
"name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"name": "18222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "tcp-ip-timestamp-dos(20635)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
},
{
"name": "15393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15393"
},
{
"name": "VU#637934",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"name": "15417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15417/"
},
{
"name": "18662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18662"
},
{
"name": "SCOSA-2005.64",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"name": "FreeBSD-SA-05:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"name": "13676",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13676"
},
{
"name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"name": "18222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tcp-ip-timestamp-dos(20635)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
},
{
"name": "15393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15393"
},
{
"name": "VU#637934",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"name": "15417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15417/"
},
{
"name": "18662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18662"
},
{
"name": "SCOSA-2005.64",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"name": "FreeBSD-SA-05:15",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"name": "13676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13676"
},
{
"name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"name": "18222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18222"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0356",
"datePublished": "2005-05-31T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0914 (GCVE-0-2003-0914)
Vulnerability from cvelistv5
Published
2003-12-02 05:00
Modified
2024-08-08 02:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434 | vendor-advisory, x_refsource_SUNALERT | |
| ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt | vendor-advisory, x_refsource_SCO | |
| ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt | vendor-advisory, x_refsource_SCO | |
| http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt | vendor-advisory, x_refsource_TRUSTIX | |
| http://www.kb.cert.org/vuls/id/734644 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.debian.org/security/2004/dsa-409 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/10542 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:34.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57434",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434"
},
{
"name": "CSSA-2004-003.0",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt"
},
{
"name": "CSSA-2003-SCO.33",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt"
},
{
"name": "2003-0044",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt"
},
{
"name": "VU#734644",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/734644"
},
{
"name": "oval:org.mitre.oval:def:2011",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011"
},
{
"name": "DSA-409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-409"
},
{
"name": "10542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57434",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434"
},
{
"name": "CSSA-2004-003.0",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt"
},
{
"name": "CSSA-2003-SCO.33",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt"
},
{
"name": "2003-0044",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt"
},
{
"name": "VU#734644",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/734644"
},
{
"name": "oval:org.mitre.oval:def:2011",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011"
},
{
"name": "DSA-409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-409"
},
{
"name": "10542",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10542"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57434",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434"
},
{
"name": "CSSA-2004-003.0",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt"
},
{
"name": "CSSA-2003-SCO.33",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt"
},
{
"name": "2003-0044",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt"
},
{
"name": "VU#734644",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/734644"
},
{
"name": "oval:org.mitre.oval:def:2011",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011"
},
{
"name": "DSA-409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-409"
},
{
"name": "10542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10542"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0914",
"datePublished": "2003-12-02T05:00:00",
"dateReserved": "2003-11-04T00:00:00",
"dateUpdated": "2024-08-08T02:12:34.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1391 (GCVE-0-2008-1391)
Vulnerability from cvelistv5
Published
2008-03-27 17:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28479"
},
{
"name": "20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490158/100/0/threaded"
},
{
"name": "ADV-2008-3444",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "TA08-350A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name": "bsd-strfmon-overflow(41504)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41504"
},
{
"name": "33179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33179"
},
{
"name": "3770",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3770"
},
{
"name": "SUSE-SA:2010:052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c"
},
{
"name": "20080325 *BSD libc (strfmon) Multiple vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "DSA-2058",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2058"
},
{
"name": "APPLE-SA-2008-12-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "1019722",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019722"
},
{
"name": "29574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28479"
},
{
"name": "20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490158/100/0/threaded"
},
{
"name": "ADV-2008-3444",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "TA08-350A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name": "bsd-strfmon-overflow(41504)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41504"
},
{
"name": "33179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33179"
},
{
"name": "3770",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3770"
},
{
"name": "SUSE-SA:2010:052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c"
},
{
"name": "20080325 *BSD libc (strfmon) Multiple vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "DSA-2058",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2058"
},
{
"name": "APPLE-SA-2008-12-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "1019722",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019722"
},
{
"name": "29574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28479"
},
{
"name": "20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490158/100/0/threaded"
},
{
"name": "ADV-2008-3444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "TA08-350A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name": "bsd-strfmon-overflow(41504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41504"
},
{
"name": "33179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33179"
},
{
"name": "3770",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3770"
},
{
"name": "SUSE-SA:2010:052",
"refsource": "SUSE",
"url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c"
},
{
"name": "20080325 *BSD libc (strfmon) Multiple vulnerabilities",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/53"
},
{
"name": "http://support.apple.com/kb/HT3338",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "DSA-2058",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2058"
},
{
"name": "APPLE-SA-2008-12-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "1019722",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019722"
},
{
"name": "29574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1391",
"datePublished": "2008-03-27T17:00:00",
"dateReserved": "2008-03-18T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6257 (GCVE-0-2017-6257)
Vulnerability from cvelistv5
Published
2017-07-28 19:00
Modified
2024-09-16 22:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service, Escalation of Privileges
Summary
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4525 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | NVIDIA GPU Display Driver |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:48.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVIDIA GPU Display Driver",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service, Escalation of Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T18:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2017-07-27T00:00:00",
"ID": "CVE-2017-6257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2017-6257",
"datePublished": "2017-07-28T19:00:00Z",
"dateReserved": "2017-02-23T00:00:00",
"dateUpdated": "2024-09-16T22:50:22.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3711 (GCVE-0-2014-3711)
Vulnerability from cvelistv5
Published
2014-10-27 15:00
Modified
2024-08-06 10:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3070 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/62218 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securitytracker.com/id/1031100 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3070"
},
{
"name": "62218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62218"
},
{
"name": "FreeBSD-SA-14:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
},
{
"name": "1031100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-13T13:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3070"
},
{
"name": "62218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62218"
},
{
"name": "FreeBSD-SA-14:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
},
{
"name": "1031100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3070"
},
{
"name": "62218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62218"
},
{
"name": "FreeBSD-SA-14:22",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
},
{
"name": "1031100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3711",
"datePublished": "2014-10-27T15:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7460 (GCVE-0-2020-7460)
Vulnerability from cvelistv5
Published
2020-08-06 16:49
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel out of bounds write
Summary
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:23.sendmsg.asc | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-949/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200821-0005/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:23.sendmsg.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-949/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.1-RELEASE before p8, 11.4-RELEASE before p2, 11.3-RELEASE before p12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel out of bounds write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T09:06:13",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:23.sendmsg.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-949/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.1-RELEASE before p8, 11.4-RELEASE before p2, 11.3-RELEASE before p12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:23.sendmsg.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:23.sendmsg.asc"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-949/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-949/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200821-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200821-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7460",
"datePublished": "2020-08-06T16:49:16",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:49.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1011 (GCVE-0-2000-1011)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/6070 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5638 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:53",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc"
},
{
"name": "6070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6070"
},
{
"name": "freebsd-catopen-bo(5638)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:53",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc"
},
{
"name": "6070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6070"
},
{
"name": "freebsd-catopen-bo(5638)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5638"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:53",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc"
},
{
"name": "6070",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6070"
},
{
"name": "freebsd-catopen-bo(5638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5638"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1011",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:32.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5710 (GCVE-0-2013-5710)
Vulnerability from cvelistv5
Published
2013-09-23 20:00
Modified
2024-08-06 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54861 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1029015 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2013/dsa-2769 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://svnweb.freebsd.org/base?view=revision&revision=255442 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:30.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54861"
},
{
"name": "1029015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029015"
},
{
"name": "DSA-2769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2769"
},
{
"name": "FreeBSD-SA-13:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54861"
},
{
"name": "1029015",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029015"
},
{
"name": "DSA-2769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2769"
},
{
"name": "FreeBSD-SA-13:13",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54861"
},
{
"name": "1029015",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029015"
},
{
"name": "DSA-2769",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2769"
},
{
"name": "FreeBSD-SA-13:13",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc"
},
{
"name": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442",
"refsource": "CONFIRM",
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5710",
"datePublished": "2013-09-23T20:00:00",
"dateReserved": "2013-09-06T00:00:00",
"dateUpdated": "2024-08-06T17:22:30.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3494 (GCVE-0-2023-3494)
Vulnerability from cvelistv5
Published
2023-08-01 22:13
Modified
2025-02-13 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T20:16:54.904181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:17:19.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"bhyve"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "13.2-RELEASE-p2",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
},
{
"lessThan": "13.1-RELEASE-p9",
"status": "affected",
"version": "13.1-RELEASE",
"versionType": "release"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only bhyve guests that are executed with the \"-l bootrom\" option are affected.\u003cbr\u003e"
}
],
"value": "Only bhyve guests that are executed with the \"-l bootrom\" option are affected."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Omri Ben Bassat and Vladimir Eli Tokarev from Microsoft"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process\u0027 memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process\u0027 memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T18:06:15.335Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "bhyve privileged guest escape via fwctl",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-3494",
"datePublished": "2023-08-01T22:13:21.634Z",
"dateReserved": "2023-06-30T22:57:48.603Z",
"dateUpdated": "2025-02-13T16:55:41.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6660 (GCVE-0-2023-6660)
Vulnerability from cvelistv5
Published
2023-12-13 08:23
Modified
2025-02-13 17:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication.
The bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network.
Note that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:18.nfsclient.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"nfsclient"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p3",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p8",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hostpoint AG"
}
],
"datePublic": "2023-12-12T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever data had been in the packet buffer previously. Thus, an unprivileged user with access to an affected system may abuse the bug to trigger disclosure of sensitive information. In particular, the leak is limited to data previously stored in mbufs, which are used for network transmission and reception, and for certain types of inter-process communication.\n\nThe bug can also be triggered unintentionally by system applications, in which case the data written by the application to an NFS mount may be corrupted. Corrupted data is written over the network to the NFS server, and thus also susceptible to being snooped by other hosts on the network.\n\nNote that the bug exists only in the NFS client; the version and implementation of the server has no effect on whether a given system is affected by the problem."
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T19:06:07.627Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:18.nfsclient.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240322-0002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NFS client data corruption and kernel memory disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-6660",
"datePublished": "2023-12-13T08:23:40.149Z",
"dateReserved": "2023-12-11T02:57:26.026Z",
"dateUpdated": "2025-02-13T17:26:28.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43110 (GCVE-0-2024-43110)
Vulnerability from cvelistv5
Published
2024-09-05 04:31
Modified
2024-09-05 13:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-43110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:11:06.616986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:11:27.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ctl"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-09-04T23:37:17.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace.\n\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T04:31:19.166Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc"
}
],
"title": "Multiple issues in ctl(4) CAM Target Layer"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-43110",
"datePublished": "2024-09-05T04:31:19.166Z",
"dateReserved": "2024-08-27T16:30:55.973Z",
"dateUpdated": "2024-09-05T13:11:27.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0572 (GCVE-0-2002-0572)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/8920.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4568 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/809347 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/6095 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html | mailing-list, x_refsource_VULNWATCH | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.ciac.org/ciac/bulletins/m-072.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://online.securityfocus.com/archive/1/268970 | mailing-list, x_refsource_BUGTRAQ | |
| http://online.securityfocus.com/archive/1/269102 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bsd-suid-apps-gain-privileges(8920)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8920.php"
},
{
"name": "4568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4568"
},
{
"name": "VU#809347",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/809347"
},
{
"name": "6095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6095"
},
{
"name": "20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html"
},
{
"name": "FreeBSD-SA-02:23",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc"
},
{
"name": "M-072",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/m-072.shtml"
},
{
"name": "20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/268970"
},
{
"name": "20020423 cheers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/269102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bsd-suid-apps-gain-privileges(8920)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8920.php"
},
{
"name": "4568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4568"
},
{
"name": "VU#809347",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/809347"
},
{
"name": "6095",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6095"
},
{
"name": "20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html"
},
{
"name": "FreeBSD-SA-02:23",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc"
},
{
"name": "M-072",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/m-072.shtml"
},
{
"name": "20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/268970"
},
{
"name": "20020423 cheers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/269102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bsd-suid-apps-gain-privileges(8920)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8920.php"
},
{
"name": "4568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4568"
},
{
"name": "VU#809347",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/809347"
},
{
"name": "6095",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6095"
},
{
"name": "20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html"
},
{
"name": "FreeBSD-SA-02:23",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc"
},
{
"name": "M-072",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-072.shtml"
},
{
"name": "20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/268970"
},
{
"name": "20020423 cheers",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/269102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0572",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6534 (GCVE-0-2023-6534)
Vulnerability from cvelistv5
Published
2023-12-13 08:12
Modified
2025-02-13 17:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240112-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"pf"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p2",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p7",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
},
{
"lessThan": "p9",
"status": "affected",
"version": "12.4-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yuxiang Yang, Ao Wang, Xuewei Feng, Qi Li and Ke Xu from Tsinghua University"
}
],
"datePublic": "2023-12-05T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. \u00a0This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall."
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T14:06:22.880Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:17.pf.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240112-0007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TCP spoofing vulnerability in pf(4)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-6534",
"datePublished": "2023-12-13T08:12:14.616Z",
"dateReserved": "2023-12-05T19:03:31.535Z",
"dateUpdated": "2025-02-13T17:26:26.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0781 (GCVE-0-1999-0781)
Vulnerability from cvelistv5
Published
2000-04-25 04:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=91141486301691&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=91141486301691\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=91141486301691\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=91141486301691\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0781",
"datePublished": "2000-04-25T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:38.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4809 (GCVE-0-2023-4809)
Vulnerability from cvelistv5
Published
2023-09-06 19:26
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-167 - Improper Handling of Additional Special Element
Summary
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.
As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.asc"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/7"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"pf"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p3",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
},
{
"lessThan": "p5",
"status": "affected",
"version": "12.4-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Enrico Bassetti bassetti@di.uniroma1.it (NetSecurityLab @ Sapienza University of Rome)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn pf packet processing with a \u0027scrub fragment reassemble\u0027 rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAs a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.\u003c/div\u003e"
}
],
"value": "In pf packet processing with a \u0027scrub fragment reassemble\u0027 rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.\n\n\n\n\nAs a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-167",
"description": "CWE-167: Improper Handling of Additional Special Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T22:06:15.441Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.asc"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/08/7"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0009/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "pf incorrectly handles multiple IPv6 fragment headers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-4809",
"datePublished": "2023-09-06T19:26:45.833Z",
"dateReserved": "2023-09-06T17:11:30.349Z",
"dateUpdated": "2025-02-13T17:18:10.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15876 (GCVE-0-2019-15876)
Vulnerability from cvelistv5
Published
2020-04-28 19:11
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Missing authorization
Summary
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:31.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, 11.3-RELEASE before 11.3-RELEASE-p7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T19:11:39",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-15876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, 11.3-RELEASE before 11.3-RELEASE-p7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to send passthrough commands to the device firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-15876",
"datePublished": "2020-04-28T19:11:39",
"dateReserved": "2019-09-03T00:00:00",
"dateUpdated": "2024-08-05T01:03:31.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0323 (GCVE-0-1999-0323)
Vulnerability from cvelistv5
Published
2000-06-02 04:00
Modified
2024-08-01 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD mmap function allows users to modify append-only or immutable files.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc | vendor-advisory, x_refsource_NETBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1998-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeBSD mmap function allows users to modify append-only or immutable files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1998-003",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD mmap function allows users to modify append-only or immutable files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1998-003",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0323",
"datePublished": "2000-06-02T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:34:51.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0402 (GCVE-0-2001-0402)
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6331 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=98679734015538&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-01:32",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html"
},
{
"name": "ipfilter-access-ports(6331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6331"
},
{
"name": "20010408 A fragmentation attack against IP Filter",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98679734015538\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-01:32",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html"
},
{
"name": "ipfilter-access-ports(6331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6331"
},
{
"name": "20010408 A fragmentation attack against IP Filter",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98679734015538\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-01:32",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html"
},
{
"name": "ipfilter-access-ports(6331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6331"
},
{
"name": "20010408 A fragmentation attack against IP Filter",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98679734015538\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0402",
"datePublished": "2001-09-18T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4197 (GCVE-0-2008-4197)
Vulnerability from cvelistv5
Published
2008-09-27 00:00
Modified
2024-08-07 10:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2416"
},
{
"name": "32538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32538"
},
{
"name": "opera-shortcuts-code-execution(44552)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/solaris/952/"
},
{
"name": "1020720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020720"
},
{
"name": "30768",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30768"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/952/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/linux/952/"
},
{
"name": "[oss-security] 20080923 Re: CVE request: Opera \u003c 9.52 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/24/4"
},
{
"name": "[oss-security] 20080919 CVE request: Opera \u003c 9.52 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/19/2"
},
{
"name": "31549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=235298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/freebsd/952/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/search/view/894/"
},
{
"name": "GLSA-200811-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2416"
},
{
"name": "32538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32538"
},
{
"name": "opera-shortcuts-code-execution(44552)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/solaris/952/"
},
{
"name": "1020720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020720"
},
{
"name": "30768",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30768"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/952/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/linux/952/"
},
{
"name": "[oss-security] 20080923 Re: CVE request: Opera \u003c 9.52 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/24/4"
},
{
"name": "[oss-security] 20080919 CVE request: Opera \u003c 9.52 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/19/2"
},
{
"name": "31549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=235298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/freebsd/952/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/search/view/894/"
},
{
"name": "GLSA-200811-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2416"
},
{
"name": "32538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32538"
},
{
"name": "opera-shortcuts-code-execution(44552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44552"
},
{
"name": "http://www.opera.com/docs/changelogs/solaris/952/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/solaris/952/"
},
{
"name": "1020720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020720"
},
{
"name": "30768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30768"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/952/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/952/"
},
{
"name": "http://www.opera.com/docs/changelogs/linux/952/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/linux/952/"
},
{
"name": "[oss-security] 20080923 Re: CVE request: Opera \u003c 9.52 multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/24/4"
},
{
"name": "[oss-security] 20080919 CVE request: Opera \u003c 9.52 multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/19/2"
},
{
"name": "31549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31549"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=235298",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=235298"
},
{
"name": "http://www.opera.com/docs/changelogs/freebsd/952/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/freebsd/952/"
},
{
"name": "http://www.opera.com/support/search/view/894/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/894/"
},
{
"name": "GLSA-200811-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4197",
"datePublished": "2008-09-27T00:00:00",
"dateReserved": "2008-09-23T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12900 (GCVE-0-2019-12900)
Vulnerability from cvelistv5
Published
2019-06-19 22:07
Modified
2025-06-09 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"name": "USN-4038-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4038-2/"
},
{
"name": "USN-4038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4038-1/"
},
{
"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/22"
},
{
"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1781",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
},
{
"name": "FreeBSD-SA-19:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
},
{
"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/4"
},
{
"name": "openSUSE-SU-2019:1918",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
},
{
"name": "USN-4146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4146-1/"
},
{
"name": "USN-4146-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4146-2/"
},
{
"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
},
{
"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
},
{
"name": "openSUSE-SU-2019:2595",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
},
{
"name": "openSUSE-SU-2019:2597",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
},
{
"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-12900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:54:12.653578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:57:25.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T13:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"name": "USN-4038-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4038-2/"
},
{
"name": "USN-4038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4038-1/"
},
{
"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/22"
},
{
"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1781",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
},
{
"name": "FreeBSD-SA-19:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
},
{
"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/4"
},
{
"name": "openSUSE-SU-2019:1918",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
},
{
"name": "USN-4146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4146-1/"
},
{
"name": "USN-4146-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4146-2/"
},
{
"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
},
{
"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
},
{
"name": "openSUSE-SU-2019:2595",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
},
{
"name": "openSUSE-SU-2019:2597",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
},
{
"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"name": "USN-4038-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4038-2/"
},
{
"name": "USN-4038-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4038-1/"
},
{
"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/22"
},
{
"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
},
{
"name": "FreeBSD-SA-19:18",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
},
{
"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/4"
},
{
"name": "openSUSE-SU-2019:1918",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
},
{
"name": "USN-4146-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4146-1/"
},
{
"name": "USN-4146-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4146-2/"
},
{
"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
},
{
"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
},
{
"name": "openSUSE-SU-2019:2595",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
},
{
"name": "openSUSE-SU-2019:2597",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
},
{
"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
},
{
"name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
},
{
"name": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc",
"refsource": "MISC",
"url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
},
{
"name": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12900",
"datePublished": "2019-06-19T22:07:57.000Z",
"dateReserved": "2019-06-19T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:57:25.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10566 (GCVE-0-2020-10566)
Vulnerability from cvelistv5
Published
2020-03-14 00:52
Modified
2024-08-04 11:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://svnweb.freebsd.org/ports?view=revision&revision=525916 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-14T00:52:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916",
"refsource": "MISC",
"url": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10566",
"datePublished": "2020-03-14T00:52:53",
"dateReserved": "2020-03-14T00:00:00",
"dateUpdated": "2024-08-04T11:06:09.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0230 (GCVE-0-2001-0230)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/6081 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6077 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-01:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html"
},
{
"name": "6081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6081"
},
{
"name": "dc20ctrl-port-bo(6077)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-01:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html"
},
{
"name": "6081",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6081"
},
{
"name": "dc20ctrl-port-bo(6077)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-01:22",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html"
},
{
"name": "6081",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6081"
},
{
"name": "dc20ctrl-port-bo(6077)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0230",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-03-08T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0729 (GCVE-0-2000-0729)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/1534 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5967 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/1625 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:41",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html"
},
{
"name": "1534",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1534"
},
{
"name": "freebsd-elf-dos(5967)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5967"
},
{
"name": "1625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:41",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html"
},
{
"name": "1534",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1534"
},
{
"name": "freebsd-elf-dos(5967)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5967"
},
{
"name": "1625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:41",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html"
},
{
"name": "1534",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1534"
},
{
"name": "freebsd-elf-dos(5967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5967"
},
{
"name": "1625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0729",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-09-19T00:00:00",
"dateUpdated": "2024-08-08T05:28:41.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5368 (GCVE-0-2023-5368)
Vulnerability from cvelistv5
Published
2023-10-04 03:38
Modified
2024-08-02 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Summary
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.
This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:43.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231124-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"msdosfs"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "12.4-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Maxim Suhanov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn an msdosfs filesystem, the \u0027truncate\u0027 or \u0027ftruncate\u0027 system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\u003c/p\u003e\u003cp\u003eThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\u003c/p\u003e"
}
],
"value": "On an msdosfs filesystem, the \u0027truncate\u0027 or \u0027ftruncate\u0027 system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\n\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T20:59:57.519Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0004/"
},
{
"url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "msdosfs data disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-5368",
"datePublished": "2023-10-04T03:38:09.357Z",
"dateReserved": "2023-10-03T21:14:20.733Z",
"dateUpdated": "2024-08-02T07:59:43.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5608 (GCVE-0-2019-5608)
Vulnerability from cvelistv5
Published
2019-08-29 21:54
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out of bounds read
Summary
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190910-0002/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 12.0-RELEASE-p9"
},
{
"status": "affected",
"version": "before 11.3-RELEASE-p2"
},
{
"status": "affected",
"version": "and before 11.2-RELEASE-p13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T14:06:14",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "before 12.0-RELEASE-p9"
},
{
"version_value": "before 11.3-RELEASE-p2"
},
{
"version_value": "and before 11.2-RELEASE-p13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5608",
"datePublished": "2019-08-29T21:54:22",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1073 (GCVE-0-2011-1073)
Vulnerability from cvelistv5
Published
2011-03-04 22:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65899 | vdb-entry, x_refsource_XF | |
| http://openwall.com/lists/oss-security/2011/02/28/14 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/46604 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/8117 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/516716/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://openwall.com/lists/oss-security/2011/02/28/6 | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=full-disclosure&m=129891323028897&w=2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freebsd-realpath-info-disc(65899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65899"
},
{
"name": "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/14"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46604"
},
{
"name": "8117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8117"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded"
},
{
"name": "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/6"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129891323028897\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "freebsd-realpath-info-disc(65899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65899"
},
{
"name": "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/14"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46604"
},
{
"name": "8117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8117"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded"
},
{
"name": "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/6"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129891323028897\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-realpath-info-disc(65899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65899"
},
{
"name": "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/28/14"
},
{
"name": "46604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46604"
},
{
"name": "8117",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8117"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded"
},
{
"name": "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/28/6"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=129891323028897\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1073",
"datePublished": "2011-03-04T22:00:00",
"dateReserved": "2011-02-24T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2393 (GCVE-0-2011-2393)
Vulnerability from cvelistv5
Published
2012-02-02 17:00
Modified
2024-09-16 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2011/Apr/86 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt"
},
{
"name": "20110405 ICMPv6 Router Announcement flooding denial of service affecting multiple systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2011/Apr/86"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-02T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt"
},
{
"name": "20110405 ICMPv6 Router Announcement flooding denial of service affecting multiple systems",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2011/Apr/86"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt",
"refsource": "MISC",
"url": "http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt"
},
{
"name": "20110405 ICMPv6 Router Announcement flooding denial of service affecting multiple systems",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Apr/86"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2393",
"datePublished": "2012-02-02T17:00:00Z",
"dateReserved": "2011-06-05T00:00:00Z",
"dateUpdated": "2024-09-16T20:32:12.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6559 (GCVE-0-2016-6559)
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1037398 | vdb-entry, x_refsource_SECTRACK | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://www.kb.cert.org/vuls/id/548487 | third-party-advisory, x_refsource_CERT-VN | |
| https://www.securityfocus.com/bid/94694 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BSD | libc library |
Version: link_ntoa() |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037398"
},
{
"name": "FreeBSD-SA-16:37",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
},
{
"name": "VU#548487",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/548487"
},
{
"name": "94694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/94694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libc library",
"vendor": "BSD",
"versions": [
{
"status": "affected",
"version": "link_ntoa()"
}
]
}
],
"datePublic": "2016-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1037398",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037398"
},
{
"name": "FreeBSD-SA-16:37",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
},
{
"name": "VU#548487",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/548487"
},
{
"name": "94694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/94694"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The BSD libc library\u0027s link_ntoa() function may be vulnerable to a classic buffer overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6559",
"STATE": "PUBLIC",
"TITLE": "The BSD libc library\u0027s link_ntoa() function may be vulnerable to a classic buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libc library",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "link_ntoa()",
"version_value": "link_ntoa()"
}
]
}
}
]
},
"vendor_name": "BSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037398",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037398"
},
{
"name": "FreeBSD-SA-16:37",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
},
{
"name": "VU#548487",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/548487"
},
{
"name": "94694",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94694"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6559",
"datePublished": "2018-07-13T20:00:00",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0055 (GCVE-0-2006-0055)
Vulnerability from cvelistv5
Published
2006-01-11 21:00
Modified
2024-08-07 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/16207 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24074 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015469 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/22320 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/18404 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16207"
},
{
"name": "FreeBSD-SA-06:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc"
},
{
"name": "ee-ispell-op-symlink(24074)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24074"
},
{
"name": "1015469",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015469"
},
{
"name": "22320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22320"
},
{
"name": "18404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "16207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16207"
},
{
"name": "FreeBSD-SA-06:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc"
},
{
"name": "ee-ispell-op-symlink(24074)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24074"
},
{
"name": "1015469",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015469"
},
{
"name": "22320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22320"
},
{
"name": "18404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16207"
},
{
"name": "FreeBSD-SA-06:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc"
},
{
"name": "ee-ispell-op-symlink(24074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24074"
},
{
"name": "1015469",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015469"
},
{
"name": "22320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22320"
},
{
"name": "18404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0055",
"datePublished": "2006-01-11T21:00:00",
"dateReserved": "2005-12-30T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4210 (GCVE-0-2010-4210)
Vulnerability from cvelistv5
Published
2010-11-20 20:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/2956 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1024724 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/42200 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63218 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/15206/ | exploit, x_refsource_EXPLOIT-DB | |
| http://security.FreeBSD.org/advisories/FreeBSD-SA-10:09.pseudofs.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2956",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2956"
},
{
"name": "1024724",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024724"
},
{
"name": "42200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42200"
},
{
"name": "freebsd-pfsgetextattr-dos(63218)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63218"
},
{
"name": "15206",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/15206/"
},
{
"name": "FreeBSD-SA-10:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:09.pseudofs.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-2956",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2956"
},
{
"name": "1024724",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024724"
},
{
"name": "42200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42200"
},
{
"name": "freebsd-pfsgetextattr-dos(63218)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63218"
},
{
"name": "15206",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/15206/"
},
{
"name": "FreeBSD-SA-10:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:09.pseudofs.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2956",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2956"
},
{
"name": "1024724",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024724"
},
{
"name": "42200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42200"
},
{
"name": "freebsd-pfsgetextattr-dos(63218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63218"
},
{
"name": "15206",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/15206/"
},
{
"name": "FreeBSD-SA-10:09",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:09.pseudofs.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4210",
"datePublished": "2010-11-20T20:00:00",
"dateReserved": "2010-11-07T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2068 (GCVE-0-2005-2068)
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-09-16 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-05:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-30T04:00:00Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-05:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2005-2068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:15",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2005-2068",
"datePublished": "2005-06-30T04:00:00Z",
"dateReserved": "2005-06-29T00:00:00Z",
"dateUpdated": "2024-09-16T16:53:31.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23092 (GCVE-0-2022-23092)
Vulnerability from cvelistv5
Published
2024-02-15 05:13
Modified
2025-02-13 16:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.
The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0009/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "p1",
"status": "affected",
"version": "13.1-release",
"versionType": "custom"
},
{
"lessThan": "p12",
"status": "affected",
"version": "13.0-release",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T16:43:44.126625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:40:51.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"lib9p"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p1",
"status": "affected",
"version": "13.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p12",
"status": "affected",
"version": "13.0-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Robert Morris"
}
],
"datePublic": "2022-08-09T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The implementation of lib9p\u0027s handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.\n\nThe bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve\u0027s Capsicum sandbox."
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T15:06:21.396Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0009/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing bounds check in 9p message handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2022-23092",
"datePublished": "2024-02-15T05:13:50.356Z",
"dateReserved": "2022-01-10T22:07:46.042Z",
"dateUpdated": "2025-02-13T16:29:03.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45287 (GCVE-0-2024-45287)
Vulnerability from cvelistv5
Published
2024-09-05 03:18
Modified
2024-09-26 15:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:16:32.402606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:16:36.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-26T15:03:11.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"libnv"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "finder",
"value": "Taylor R Campbell (NetBSD)"
}
],
"datePublic": "2024-09-04T23:37:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T03:18:16.076Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc"
}
],
"title": "Multiple vulnerabilities in libnv"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-45287",
"datePublished": "2024-09-05T03:18:16.076Z",
"dateReserved": "2024-08-26T14:20:00.870Z",
"dateUpdated": "2024-09-26T15:03:11.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0424 (GCVE-0-2001-0424)
Vulnerability from cvelistv5
Published
2001-05-24 04:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2609 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=98744422105430&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:37.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2609"
},
{
"name": "20010415 BubbleMon 1.31",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98744422105430\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2609"
},
{
"name": "20010415 BubbleMon 1.31",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98744422105430\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2609"
},
{
"name": "20010415 BubbleMon 1.31",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98744422105430\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0424",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:37.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8613 (GCVE-0-2014-8613)
Vulnerability from cvelistv5
Published
2015-02-02 16:00
Modified
2024-08-06 13:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/72345 | vdb-entry, x_refsource_BID | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securitytracker.com/id/1031649 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72345"
},
{
"name": "FreeBSD-SA-15:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc"
},
{
"name": "1031649",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-02T15:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "72345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72345"
},
{
"name": "FreeBSD-SA-15:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc"
},
{
"name": "1031649",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72345"
},
{
"name": "FreeBSD-SA-15:03",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc"
},
{
"name": "1031649",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8613",
"datePublished": "2015-02-02T16:00:00",
"dateReserved": "2014-11-04T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0761 (GCVE-0-1999-0761)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/644 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/1074 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "644",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/644"
},
{
"name": "1074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "644",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/644"
},
{
"name": "1074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/644"
},
{
"name": "1074",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0761",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7453 (GCVE-0-2020-7453)
Vulnerability from cvelistv5
Published
2020-04-28 23:36
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Null Termination
Summary
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, 11.3-RELEASE before 11.3-RELEASE-p7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option \"osrelease\" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Null Termination",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T23:36:45",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, 11.3-RELEASE before 11.3-RELEASE-p7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option \"osrelease\" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Null Termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7453",
"datePublished": "2020-04-28T23:36:45",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:49.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6165 (GCVE-0-2006-6165)
Vulnerability from cvelistv5
Published
2006-11-29 01:00
Modified
2025-01-17 14:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/452428/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/452371/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:34.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded"
},
{
"name": "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-6165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T19:58:55.438328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T14:08:58.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded"
},
{
"name": "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded"
},
{
"name": "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6165",
"datePublished": "2006-11-29T01:00:00",
"dateReserved": "2006-11-28T00:00:00",
"dateUpdated": "2025-01-17T14:08:58.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29631 (GCVE-0-2021-29631)
Vulnerability from cvelistv5
Published
2021-08-30 18:00
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use of Uninitialized Resource
Summary
In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210923-0004/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 13.0-RELEASE before p4, 12.2-RELEASE before p10, 11.4-RELEASE before p13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Uninitialized Resource",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:06:45",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 13.0-RELEASE before p4, 12.2-RELEASE before p10, 11.4-RELEASE before p13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210923-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210923-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29631",
"datePublished": "2021-08-30T18:00:15",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2143 (GCVE-0-2012-2143)
Vulnerability from cvelistv5
Published
2012-07-05 14:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
},
{
"name": "SUSE-SU-2012:0840",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "FreeBSD-SA-12:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50718"
},
{
"name": "FEDORA-2012-8924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name": "FEDORA-2012-8893",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "DSA-2491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2491"
},
{
"name": "1026995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "RHSA-2012:1037",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name": "FEDORA-2012-8915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name": "MDVSA-2012:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "49304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49304"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
},
{
"name": "SUSE-SU-2012:0840",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "FreeBSD-SA-12:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
},
{
"name": "50718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50718"
},
{
"name": "FEDORA-2012-8924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name": "FEDORA-2012-8893",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "DSA-2491",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2491"
},
{
"name": "1026995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "RHSA-2012:1037",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name": "FEDORA-2012-8915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name": "MDVSA-2012:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
},
{
"name": "openSUSE-SU-2012:1251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "49304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49304"
},
{
"name": "openSUSE-SU-2012:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
},
{
"name": "SUSE-SU-2012:0840",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "FreeBSD-SA-12:02",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
},
{
"name": "50718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50718"
},
{
"name": "FEDORA-2012-8924",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name": "FEDORA-2012-8893",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=816956",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
},
{
"name": "http://www.postgresql.org/support/security/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "DSA-2491",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2491"
},
{
"name": "1026995",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026995"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34"
},
{
"name": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
},
{
"name": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
},
{
"name": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9",
"refsource": "CONFIRM",
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "RHSA-2012:1037",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name": "FEDORA-2012-8915",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name": "MDVSA-2012:092",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
},
{
"name": "openSUSE-SU-2012:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "49304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49304"
},
{
"name": "openSUSE-SU-2012:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2143",
"datePublished": "2012-07-05T14:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1935 (GCVE-0-2009-1935)
Vulnerability from cvelistv5
Published
2009-06-18 18:00
Modified
2024-08-07 05:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51109 | vdb-entry, x_refsource_XF | |
| http://security.freebsd.org/patches/SA-09:09/pipe.patch | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/35279 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35398 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/55044 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1022365 | vdb-entry, x_refsource_SECTRACK | |
| http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freebsd-directpipe-info-disclosure(51109)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"
},
{
"name": "35279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35279"
},
{
"name": "35398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35398"
},
{
"name": "55044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55044"
},
{
"name": "1022365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022365"
},
{
"name": "FreeBSD-SA-09:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "freebsd-directpipe-info-disclosure(51109)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"
},
{
"name": "35279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35279"
},
{
"name": "35398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35398"
},
{
"name": "55044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55044"
},
{
"name": "1022365",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022365"
},
{
"name": "FreeBSD-SA-09:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2009-1935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-directpipe-info-disclosure(51109)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51109"
},
{
"name": "http://security.freebsd.org/patches/SA-09:09/pipe.patch",
"refsource": "CONFIRM",
"url": "http://security.freebsd.org/patches/SA-09:09/pipe.patch"
},
{
"name": "35279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35279"
},
{
"name": "35398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35398"
},
{
"name": "55044",
"refsource": "OSVDB",
"url": "http://osvdb.org/55044"
},
{
"name": "1022365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022365"
},
{
"name": "FreeBSD-SA-09:09",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2009-1935",
"datePublished": "2009-06-18T18:00:00",
"dateReserved": "2009-06-05T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0032 (GCVE-0-1999-0032)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX | vendor-advisory, x_refsource_SGI | |
| http://www.securityfocus.com/bid/707 | vdb-entry, x_refsource_BID | |
| http://www.ciac.org/ciac/bulletins/i-042.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19980402-01-PX",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX"
},
{
"name": "707",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/707"
},
{
"name": "I-042",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/i-042.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19980402-01-PX",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX"
},
{
"name": "707",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/707"
},
{
"name": "I-042",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/i-042.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980402-01-PX",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX"
},
{
"name": "707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/707"
},
{
"name": "I-042",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/i-042.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0032",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1017 (GCVE-0-2001-1017)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3282 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7086 | vdb-entry, x_refsource_XF | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.osvdb.org/1947 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:06.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3282"
},
{
"name": "rmuser-insecure-password-file(7086)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7086"
},
{
"name": "FreeBSD-SA-01:59",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc"
},
{
"name": "1947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3282"
},
{
"name": "rmuser-insecure-password-file(7086)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7086"
},
{
"name": "FreeBSD-SA-01:59",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc"
},
{
"name": "1947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1947"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3282"
},
{
"name": "rmuser-insecure-password-file(7086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7086"
},
{
"name": "FreeBSD-SA-01:59",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc"
},
{
"name": "1947",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1947"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1017",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:44:06.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0037 (GCVE-0-1999-0037)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0037 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary command execution via metamail package using message headers, when user processes attacker\u0027s message using metamail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:29:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary command execution via metamail package using message headers, when user processes attacker\u0027s message using metamail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0037",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0037",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9494 (GCVE-0-2019-9494)
Vulnerability from cvelistv5
Published
2019-04-17 13:31
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Wi-Fi Alliance | hostapd with SAE support |
Version: 2.7 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://w1.fi/security/2019-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hostapd with SAE support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "2.7",
"versionType": "custom"
}
]
},
{
"product": "wpa_supplicant with SAE support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "2.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Information Exposure Through Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Information Exposure Through Caching",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-16T00:06:09",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://w1.fi/security/2019-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Dragonblood",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9494",
"STATE": "PUBLIC",
"TITLE": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hostapd with SAE support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.7",
"version_value": "2.7"
}
]
}
},
{
"product_name": "wpa_supplicant with SAE support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.7",
"version_value": "2.7"
}
]
}
}
]
},
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208 Information Exposure Through Timing Discrepancy"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-524 Information Exposure Through Caching"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://w1.fi/security/2019-1/",
"refsource": "CONFIRM",
"url": "https://w1.fi/security/2019-1/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
},
{
"name": "openSUSE-SU-2020:0222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9494",
"datePublished": "2019-04-17T13:31:08",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1082 (GCVE-0-2017-1082)
Vulnerability from cvelistv5
Published
2018-09-12 14:00
Modified
2024-09-17 00:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Userspace stack overflow
Summary
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "11.x before 11.1-RELEASE, 10.x before 10.4-RELEASE"
}
]
}
],
"datePublic": "2017-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Userspace stack overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T13:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-1082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "11.x before 11.1-RELEASE, 10.x before 10.4-RELEASE"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Userspace stack overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2017-1082",
"datePublished": "2018-09-12T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:02:10.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2020 (GCVE-0-2010-2020)
Vulnerability from cvelistv5
Published
2010-05-28 18:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.exploit-db.com/exploits/14003 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.exploit-db.com/exploits/14002 | exploit, x_refsource_EXPLOIT-DB | |
| http://securitytracker.com/id?1024039 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-10:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
},
{
"name": "14003",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14003"
},
{
"name": "14002",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14002"
},
{
"name": "1024039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-06T10:00:00",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-10:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
},
{
"name": "14003",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14003"
},
{
"name": "14002",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14002"
},
{
"name": "1024039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2010-2020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-10:06",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc"
},
{
"name": "14003",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14003"
},
{
"name": "14002",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14002"
},
{
"name": "1024039",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2010-2020",
"datePublished": "2010-05-28T18:00:00",
"dateReserved": "2010-05-24T00:00:00",
"dateUpdated": "2024-08-07T02:17:14.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25579 (GCVE-0-2020-25579)
Vulnerability from cvelistv5
Published
2021-03-26 20:44
Modified
2024-08-04 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper initialization
Summary
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210423-0002/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p3, 12.1-RELEASE before p13, 11.4-RELEASE before p7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper initialization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:24",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-25579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p3, 12.1-RELEASE before p13, 11.4-RELEASE before p7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-25579",
"datePublished": "2021-03-26T20:44:53",
"dateReserved": "2020-09-14T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0618 (GCVE-0-2004-0618)
Vulnerability from cvelistv5
Published
2004-06-30 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10596 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16499 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108816603102865&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10596",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10596"
},
{
"name": "freebsd-execve-dos(16499)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16499"
},
{
"name": "20040623 Security Advisory : FreeBSD local DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108816603102865\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10596",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10596"
},
{
"name": "freebsd-execve-dos(16499)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16499"
},
{
"name": "20040623 Security Advisory : FreeBSD local DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108816603102865\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10596"
},
{
"name": "freebsd-execve-dos(16499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16499"
},
{
"name": "20040623 Security Advisory : FreeBSD local DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108816603102865\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0618",
"datePublished": "2004-06-30T04:00:00",
"dateReserved": "2004-06-29T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51563 (GCVE-0-2024-51563)
Vulnerability from cvelistv5
Published
2024-11-12 14:47
Modified
2024-11-26 20:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:22:49.810681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:24:23.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"bhyve"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p6",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p2",
"status": "affected",
"version": "13.4-RELEASE",
"versionType": "release"
},
{
"lessThan": "p8",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-10-29T21:32:53.000Z",
"descriptions": [
{
"lang": "en",
"value": "The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:47:28.189Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
}
],
"title": "bhyve(8) virtio_vq_recordon time-of-check to time-of-use race"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-51563",
"datePublished": "2024-11-12T14:47:28.189Z",
"dateReserved": "2024-10-29T17:16:43.254Z",
"dateUpdated": "2024-11-26T20:24:23.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0439 (GCVE-0-2001-0439)
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 04:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6261 | vdb-entry, x_refsource_XF | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.redhat.com/support/errata/RHSA-2001-023.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.osvdb.org/5641 | vdb-entry, x_refsource_OSVDB | |
| http://www.redhat.com/support/errata/RHSA-2001-022.html | vendor-advisory, x_refsource_REDHAT | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389 | vendor-advisory, x_refsource_CONECTIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-01:35",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html"
},
{
"name": "licq-url-execute-commands(6261)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6261"
},
{
"name": "MDKSA-2001:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3"
},
{
"name": "RHSA-2001:023",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-023.html"
},
{
"name": "5641",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5641"
},
{
"name": "RHSA-2001:022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-022.html"
},
{
"name": "CLA-2001:389",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-01:35",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html"
},
{
"name": "licq-url-execute-commands(6261)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6261"
},
{
"name": "MDKSA-2001:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3"
},
{
"name": "RHSA-2001:023",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-023.html"
},
{
"name": "5641",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5641"
},
{
"name": "RHSA-2001:022",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-022.html"
},
{
"name": "CLA-2001:389",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-01:35",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html"
},
{
"name": "licq-url-execute-commands(6261)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6261"
},
{
"name": "MDKSA-2001:032",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3"
},
{
"name": "RHSA-2001:023",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-023.html"
},
{
"name": "5641",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5641"
},
{
"name": "RHSA-2001:022",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-022.html"
},
{
"name": "CLA-2001:389",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0439",
"datePublished": "2001-09-18T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7183 (GCVE-0-2018-7183)
Vulnerability from cvelistv5
Published
2018-03-08 20:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201805-12 | vendor-advisory, x_refsource_GENTOO | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://usn.ubuntu.com/3707-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/3707-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/103351 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20180626-0001/ | x_refsource_CONFIRM | |
| http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S | x_refsource_CONFIRM | |
| https://www.synology.com/support/security/Synology_SA_18_13 | x_refsource_CONFIRM | |
| http://support.ntp.org/bin/view/Main/NtpBug3414 | x_refsource_CONFIRM | |
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "103351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103351"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:53:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "103351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103351"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201805-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "USN-3707-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "103351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103351"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3414",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7183",
"datePublished": "2018-03-08T20:00:00",
"dateReserved": "2018-02-16T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0001 (GCVE-0-1999-0001)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openbsd.org/errata23.html#tcpfix | x_refsource_CONFIRM | |
| http://www.osvdb.org/5707 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:03:04.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/errata23.html#tcpfix"
},
{
"name": "5707",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5707"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/errata23.html#tcpfix"
},
{
"name": "5707",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5707"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openbsd.org/errata23.html#tcpfix",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/errata23.html#tcpfix"
},
{
"name": "5707",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5707"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0001",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:03:04.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0096 (GCVE-0-1999-0096)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Sendmail decode alias can be used to overwrite sensitive files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba | vendor-advisory, x_refsource_SUN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "00122",
"tags": [
"vendor-advisory",
"x_refsource_SUN",
"x_transferred"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/122\u0026type=0\u0026nav=sec.sba"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sendmail decode alias can be used to overwrite sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "00122",
"tags": [
"vendor-advisory",
"x_refsource_SUN"
],
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/122\u0026type=0\u0026nav=sec.sba"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sendmail decode alias can be used to overwrite sensitive files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "00122",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/122\u0026type=0\u0026nav=sec.sba"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0096",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0122 (GCVE-0-2008-0122)
Vulnerability from cvelistv5
Published
2008-01-16 01:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429149"
},
{
"name": "RHSA-2008:0300",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0300.html"
},
{
"name": "27283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27283"
},
{
"name": "30538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30538"
},
{
"name": "20080124 rPSA-2008-0029-1 bind bind-utils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487000/100/0/threaded"
},
{
"name": "VU#203611",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/203611"
},
{
"name": "FreeBSD-SA-08:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc"
},
{
"name": "ADV-2008-0703",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm"
},
{
"name": "ADV-2008-1743",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1743/references"
},
{
"name": "oval:org.mitre.oval:def:10190",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190"
},
{
"name": "FEDORA-2008-0904",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html"
},
{
"name": "28429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2169"
},
{
"name": "1019189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019189"
},
{
"name": "SUSE-SR:2008:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow"
},
{
"name": "28487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
},
{
"name": "freebsd-inetnetwork-bo(39670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39670"
},
{
"name": "30313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30313"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167"
},
{
"name": "30718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30718"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "29323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29323"
},
{
"name": "238493",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1"
},
{
"name": "29161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29161"
},
{
"name": "ADV-2008-0193",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0193"
},
{
"name": "28367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28367"
},
{
"name": "FEDORA-2008-0903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "28579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429149"
},
{
"name": "RHSA-2008:0300",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0300.html"
},
{
"name": "27283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27283"
},
{
"name": "30538",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30538"
},
{
"name": "20080124 rPSA-2008-0029-1 bind bind-utils",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487000/100/0/threaded"
},
{
"name": "VU#203611",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/203611"
},
{
"name": "FreeBSD-SA-08:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc"
},
{
"name": "ADV-2008-0703",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm"
},
{
"name": "ADV-2008-1743",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1743/references"
},
{
"name": "oval:org.mitre.oval:def:10190",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190"
},
{
"name": "FEDORA-2008-0904",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html"
},
{
"name": "28429",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2169"
},
{
"name": "1019189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019189"
},
{
"name": "SUSE-SR:2008:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow"
},
{
"name": "28487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
},
{
"name": "freebsd-inetnetwork-bo(39670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39670"
},
{
"name": "30313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30313"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167"
},
{
"name": "30718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30718"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "29323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29323"
},
{
"name": "238493",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1"
},
{
"name": "29161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29161"
},
{
"name": "ADV-2008-0193",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0193"
},
{
"name": "28367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28367"
},
{
"name": "FEDORA-2008-0903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2008-0122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28579"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=429149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429149"
},
{
"name": "RHSA-2008:0300",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0300.html"
},
{
"name": "27283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27283"
},
{
"name": "30538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30538"
},
{
"name": "20080124 rPSA-2008-0029-1 bind bind-utils",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487000/100/0/threaded"
},
{
"name": "VU#203611",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/203611"
},
{
"name": "FreeBSD-SA-08:02",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc"
},
{
"name": "ADV-2008-0703",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0703"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm"
},
{
"name": "ADV-2008-1743",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1743/references"
},
{
"name": "oval:org.mitre.oval:def:10190",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190"
},
{
"name": "FEDORA-2008-0904",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html"
},
{
"name": "28429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28429"
},
{
"name": "https://issues.rpath.com/browse/RPL-2169",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2169"
},
{
"name": "1019189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019189"
},
{
"name": "SUSE-SR:2008:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow"
},
{
"name": "28487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28487"
},
{
"name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php",
"refsource": "CONFIRM",
"url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
},
{
"name": "freebsd-inetnetwork-bo(39670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39670"
},
{
"name": "30313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30313"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167"
},
{
"name": "30718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30718"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"name": "29323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29323"
},
{
"name": "238493",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1"
},
{
"name": "29161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29161"
},
{
"name": "ADV-2008-0193",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0193"
},
{
"name": "28367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28367"
},
{
"name": "FEDORA-2008-0903",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2008-0122",
"datePublished": "2008-01-16T01:00:00",
"dateReserved": "2008-01-07T00:00:00",
"dateUpdated": "2024-08-07T07:32:24.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9495 (GCVE-0-2019-9495)
Vulnerability from cvelistv5
Published
2019-04-17 13:31
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-524 - Information Exposure Through Caching
Summary
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Wi-Fi Alliance | hostapd with EAP-pwd support |
Version: 2.7 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://w1.fi/security/2019-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hostapd with EAP-pwd support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "2.7",
"versionType": "custom"
}
]
},
{
"product": "wpa_supplicant with EAP-pwd support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "2.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Information Exposure Through Caching",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-16T00:06:10",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://w1.fi/security/2019-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Dragonblood",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9495",
"STATE": "PUBLIC",
"TITLE": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hostapd with EAP-pwd support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.7",
"version_value": "2.7"
}
]
}
},
{
"product_name": "wpa_supplicant with EAP-pwd support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.7",
"version_value": "2.7"
}
]
}
}
]
},
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-524 Information Exposure Through Caching"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://w1.fi/security/2019-2/",
"refsource": "CONFIRM",
"url": "https://w1.fi/security/2019-2/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
},
{
"name": "openSUSE-SU-2020:0222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9495",
"datePublished": "2019-04-17T13:31:08",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48795 (GCVE-0-2023-48795)
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2025-05-14 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-05-14T19:34:00.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.terrapin-attack.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"tags": [
"x_transferred"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": ""
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T03:55:20.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:23.972Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"url": "https://www.paramiko.org/changelog.html"
},
{
"url": "https://www.openssh.com/openbsd.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"url": "https://www.terrapin-attack.com"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"url": "https://bugs.gentoo.org/920280"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"url": "https://crates.io/crates/thrussh/versions"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://nova.app/releases/#v11.8"
},
{
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48795",
"datePublished": "2023-12-18T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2025-05-14T19:34:00.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6640 (GCVE-0-2024-6640)
Vulnerability from cvelistv5
Published
2024-08-11 02:33
Modified
2024-11-26 15:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated.
ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:05.pf.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:58:37.288194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:05:41.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:44.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"pf"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p3",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p9",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p5",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Enrico Bassetti e.bassetti@tudelft.nl (Cybersecurity @ TU Delft, SPRITZ Group @ UniPD)"
}
],
"datePublic": "2024-08-07T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated.\n\nICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table."
}
],
"providerMetadata": {
"dateUpdated": "2024-08-11T02:33:42.590Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:05.pf.asc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "pf incorrectly matches different ICMPv6 states in the state table",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-6640",
"datePublished": "2024-08-11T02:33:42.590Z",
"dateReserved": "2024-07-10T00:40:14.138Z",
"dateUpdated": "2024-11-26T15:05:41.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6249 (GCVE-0-2018-6249)
Vulnerability from cvelistv5
Published
2018-04-02 16:00
Modified
2024-09-17 01:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service, Escalation of Privileges
Summary
NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4649 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3662-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GPU Display Driver |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:47.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649"
},
{
"name": "USN-3662-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3662-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPU Display Driver",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2018-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service, Escalation of Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-30T09:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649"
},
{
"name": "USN-3662-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3662-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-03-28T00:00:00",
"ID": "CVE-2018-6249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649"
},
{
"name": "USN-3662-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3662-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2018-6249",
"datePublished": "2018-04-02T16:00:00Z",
"dateReserved": "2018-01-25T00:00:00",
"dateUpdated": "2024-09-17T01:17:00.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0216 (GCVE-0-2008-0216)
Vulnerability from cvelistv5
Published
2008-01-16 01:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/28498 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1019191 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39667 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/27284 | vdb-entry, x_refsource_BID | |
| http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28498"
},
{
"name": "1019191",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019191"
},
{
"name": "freebsd-ptsname-information-disclosure(39667)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39667"
},
{
"name": "27284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27284"
},
{
"name": "FreeBSD-SA-08:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "28498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28498"
},
{
"name": "1019191",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019191"
},
{
"name": "freebsd-ptsname-information-disclosure(39667)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39667"
},
{
"name": "27284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27284"
},
{
"name": "FreeBSD-SA-08:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2008-0216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28498"
},
{
"name": "1019191",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019191"
},
{
"name": "freebsd-ptsname-information-disclosure(39667)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39667"
},
{
"name": "27284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27284"
},
{
"name": "FreeBSD-SA-08:01",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2008-0216",
"datePublished": "2008-01-16T01:00:00",
"dateReserved": "2008-01-10T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0461 (GCVE-0-2000-0461)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openbsd.org/errata26.html#semconfig | vendor-advisory, x_refsource_OPENBSD | |
| ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| http://www.securityfocus.com/bid/1270 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:30.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000526",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD",
"x_transferred"
],
"url": "http://www.openbsd.org/errata26.html#semconfig"
},
{
"name": "NetBSD-SA2000-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc"
},
{
"name": "1270",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1270"
},
{
"name": "FreeBSD-SA-00:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000526",
"tags": [
"vendor-advisory",
"x_refsource_OPENBSD"
],
"url": "http://www.openbsd.org/errata26.html#semconfig"
},
{
"name": "NetBSD-SA2000-004",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc"
},
{
"name": "1270",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1270"
},
{
"name": "FreeBSD-SA-00:19",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000526",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata26.html#semconfig"
},
{
"name": "NetBSD-SA2000-004",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc"
},
{
"name": "1270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1270"
},
{
"name": "FreeBSD-SA-00:19",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0461",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:21:30.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5691 (GCVE-0-2013-5691)
Vulnerability from cvelistv5
Published
2013-09-23 10:00
Modified
2024-08-06 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54861 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.debian.org/security/2013/dsa-2769 | vendor-advisory, x_refsource_DEBIAN | |
| http://svnweb.freebsd.org/base?view=revision&revision=255442 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:29.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54861"
},
{
"name": "FreeBSD-SA-13:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"
},
{
"name": "DSA-2769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2769"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54861",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54861"
},
{
"name": "FreeBSD-SA-13:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"
},
{
"name": "DSA-2769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2769"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54861"
},
{
"name": "FreeBSD-SA-13:12",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc"
},
{
"name": "DSA-2769",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2769"
},
{
"name": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442",
"refsource": "CONFIRM",
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=255442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5691",
"datePublished": "2013-09-23T10:00:00",
"dateReserved": "2013-09-03T00:00:00",
"dateUpdated": "2024-08-06T17:22:29.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13082 (GCVE-0-2017-13082)
Vulnerability from cvelistv5
Published
2017-10-17 13:00
Modified
2024-08-05 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-323 - Reusing a Nonce, Key Pair in Encryption
Summary
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wi-Fi Alliance | Wi-Fi Protected Access (WPA and WPA2) |
Version: WPA Version: WPA2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:58:12.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "DSA-3999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"name": "1039570",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krackattacks.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1039573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanhoefm/krackattacks-test-ap-ft"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3455-1"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi Protected Access (WPA and WPA2)",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"status": "affected",
"version": "WPA"
},
{
"status": "affected",
"version": "WPA2"
}
]
}
],
"datePublic": "2017-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-323",
"description": "CWE-323: Reusing a Nonce, Key Pair in Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-16T00:06:11",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1039581",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "DSA-3999",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"name": "1039570",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krackattacks.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1039573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "VU#228519",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanhoefm/krackattacks-test-ap-ft"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3455-1"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi Protected Access (WPA and WPA2)",
"version": {
"version_data": [
{
"version_value": "WPA"
},
{
"version_value": "WPA2"
}
]
}
}
]
},
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039581",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name": "101274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "DSA-3999",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/kracks",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt",
"refsource": "MISC",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name": "1039571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039571"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02"
},
{
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "GLSA-201711-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name": "RHSA-2017:2907",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"name": "1039570",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039570"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-17420",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name": "FreeBSD-SA-17:07",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"name": "https://www.krackattacks.com/",
"refsource": "MISC",
"url": "https://www.krackattacks.com/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1039573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name": "VU#228519",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"name": "https://github.com/vanhoefm/krackattacks-test-ap-ft",
"refsource": "MISC",
"url": "https://github.com/vanhoefm/krackattacks-test-ap-ft"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2017-005",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name": "USN-3455-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
},
{
"name": "openSUSE-SU-2020:0222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-13082",
"datePublished": "2017-10-17T13:00:00",
"dateReserved": "2017-08-22T00:00:00",
"dateUpdated": "2024-08-05T18:58:12.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5601 (GCVE-0-2019-5601)
Vulnerability from cvelistv5
Published
2019-07-03 18:51
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel information leakage
Summary
In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-19:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T19:06:05",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-19:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.0 before 12.0-RELEASE-p7 and 11.2 before 11.2-RELEASE-p11"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-19:10",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc"
},
{
"name": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153523/FreeBSD-Security-Advisory-FreeBSD-SA-19-10.ufs.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5601",
"datePublished": "2019-07-03T18:51:47",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0905 (GCVE-0-2006-0905)
Vulnerability from cvelistv5
Published
2006-03-23 11:00
Modified
2024-08-07 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/24068 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1015809 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/17191 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/19366 | third-party-advisory, x_refsource_SECUNIA | |
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc | vendor-advisory, x_refsource_NETBSD | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25398 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24068"
},
{
"name": "1015809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015809"
},
{
"name": "17191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17191"
},
{
"name": "19366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19366"
},
{
"name": "NetBSD-SA2006-011",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc"
},
{
"name": "FreeBSD-SA-06:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc"
},
{
"name": "bsd-ipsec-replay(25398)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25398"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A \"programming error\" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "24068",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24068"
},
{
"name": "1015809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015809"
},
{
"name": "17191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17191"
},
{
"name": "19366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19366"
},
{
"name": "NetBSD-SA2006-011",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc"
},
{
"name": "FreeBSD-SA-06:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc"
},
{
"name": "bsd-ipsec-replay(25398)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25398"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"programming error\" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24068",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24068"
},
{
"name": "1015809",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015809"
},
{
"name": "17191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17191"
},
{
"name": "19366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19366"
},
{
"name": "NetBSD-SA2006-011",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-011.txt.asc"
},
{
"name": "FreeBSD-SA-06:11",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc"
},
{
"name": "bsd-ipsec-replay(25398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25398"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0905",
"datePublished": "2006-03-23T11:00:00",
"dateReserved": "2006-02-28T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0798 (GCVE-0-1999-0798)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=91278867118128&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:38.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19981204 bootpd remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=91278867118128\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19981204 bootpd remote vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=91278867118128\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981204 bootpd remote vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=91278867118128\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0798",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:38.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1234 (GCVE-0-2003-1234)
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.pine.nl/press/pine-cert-20030101.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/305308/30/26420/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html | mailing-list, x_refsource_VULNWATCH | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/6524 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1005898 | vdb-entry, x_refsource_SECTRACK | |
| http://www.iss.net/security_center/static/10993.php | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/7821 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pine.nl/press/pine-cert-20030101.txt"
},
{
"name": "20030106 PDS: Integer overflow in FreeBSD kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/305308/30/26420/threaded"
},
{
"name": "20030106 PDS: Integer overflow in FreeBSD kernel",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html"
},
{
"name": "FreeBSD-SA-02:44",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc"
},
{
"name": "20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html"
},
{
"name": "6524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6524"
},
{
"name": "1005898",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1005898"
},
{
"name": "freebsd-kernel-integer-overflow(10993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10993.php"
},
{
"name": "7821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/7821"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pine.nl/press/pine-cert-20030101.txt"
},
{
"name": "20030106 PDS: Integer overflow in FreeBSD kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/305308/30/26420/threaded"
},
{
"name": "20030106 PDS: Integer overflow in FreeBSD kernel",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html"
},
{
"name": "FreeBSD-SA-02:44",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc"
},
{
"name": "20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html"
},
{
"name": "6524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6524"
},
{
"name": "1005898",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1005898"
},
{
"name": "freebsd-kernel-integer-overflow(10993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10993.php"
},
{
"name": "7821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/7821"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pine.nl/press/pine-cert-20030101.txt",
"refsource": "MISC",
"url": "http://www.pine.nl/press/pine-cert-20030101.txt"
},
{
"name": "20030106 PDS: Integer overflow in FreeBSD kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/305308/30/26420/threaded"
},
{
"name": "20030106 PDS: Integer overflow in FreeBSD kernel",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html"
},
{
"name": "FreeBSD-SA-02:44",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc"
},
{
"name": "20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html"
},
{
"name": "6524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6524"
},
{
"name": "1005898",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1005898"
},
{
"name": "freebsd-kernel-integer-overflow(10993)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10993.php"
},
{
"name": "7821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7821"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1234",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1313 (GCVE-0-1999-1313)
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:11.man.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7348 | vdb-entry, x_refsource_XF | |
| http://ciac.llnl.gov/ciac/bulletins/g-24.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-96:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:11.man.asc"
},
{
"name": "bsd-man-command-sequence(7348)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7348"
},
{
"name": "G-24",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/g-24.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-96:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:11.man.asc"
},
{
"name": "bsd-man-command-sequence(7348)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7348"
},
{
"name": "G-24",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/g-24.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-96:11",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:11.man.asc"
},
{
"name": "bsd-man-command-sequence(7348)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7348"
},
{
"name": "G-24",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/g-24.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1313",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1074 (GCVE-0-2011-1074)
Vulnerability from cvelistv5
Published
2011-03-04 22:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/02/28/14 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/46604 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/8117 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/516716/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65900 | vdb-entry, x_refsource_XF | |
| http://openwall.com/lists/oss-security/2011/02/28/6 | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=full-disclosure&m=129891323028897&w=2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/14"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46604"
},
{
"name": "8117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8117"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded"
},
{
"name": "freebsd-statcalls-info-disc(65900)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65900"
},
{
"name": "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/6"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129891323028897\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/14"
},
{
"name": "46604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46604"
},
{
"name": "8117",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8117"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded"
},
{
"name": "freebsd-statcalls-info-disc(65900)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65900"
},
{
"name": "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/02/28/6"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=129891323028897\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110228 Re: CVE request: FreeBSD/OS X crontab information leakage",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/28/14"
},
{
"name": "46604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46604"
},
{
"name": "8117",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8117"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516716/100/0/threaded"
},
{
"name": "freebsd-statcalls-info-disc(65900)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65900"
},
{
"name": "[oss-security] 20110228 CVE request: FreeBSD/OS X crontab information leakage",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/02/28/6"
},
{
"name": "20110228 FreeBSD crontab information leakage",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=129891323028897\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1074",
"datePublished": "2011-03-04T22:00:00",
"dateReserved": "2011-02-24T00:00:00",
"dateUpdated": "2024-08-06T22:14:27.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0310 (GCVE-0-2017-0310)
Vulnerability from cvelistv5
Published
2017-02-15 23:00
Modified
2024-08-05 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nvidia.custhelp.com/app/answers/detail/a_id/4398 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nvidia Corporation | GPU Display Driver |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:56.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPU Display Driver",
"vendor": "Nvidia Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-15T22:57:01",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2017-0310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2017-0310",
"datePublished": "2017-02-15T23:00:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-05T13:03:56.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0226 (GCVE-0-2006-0226)
Vulnerability from cvelistv5
Published
2006-01-19 01:00
Modified
2024-08-07 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1015518 | vdb-entry, x_refsource_SECTRACK | |
| http://kernelwars.blogspot.com/2007/01/alive.html | x_refsource_MISC | |
| http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson | x_refsource_MISC | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24192 | vdb-entry, x_refsource_XF | |
| http://www.signedness.org/advisories/sps-0x1.txt | x_refsource_MISC | |
| http://www.osvdb.org/22537 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/16296 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18353 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015518",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015518"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kernelwars.blogspot.com/2007/01/alive.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"
},
{
"name": "FreeBSD-SA-06:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"
},
{
"name": "bsd-ieee80211-bo(24192)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.signedness.org/advisories/sps-0x1.txt"
},
{
"name": "22537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22537"
},
{
"name": "16296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16296"
},
{
"name": "18353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "1015518",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015518"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kernelwars.blogspot.com/2007/01/alive.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"
},
{
"name": "FreeBSD-SA-06:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"
},
{
"name": "bsd-ieee80211-bo(24192)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.signedness.org/advisories/sps-0x1.txt"
},
{
"name": "22537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22537"
},
{
"name": "16296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16296"
},
{
"name": "18353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015518",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015518"
},
{
"name": "http://kernelwars.blogspot.com/2007/01/alive.html",
"refsource": "MISC",
"url": "http://kernelwars.blogspot.com/2007/01/alive.html"
},
{
"name": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson",
"refsource": "MISC",
"url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson"
},
{
"name": "FreeBSD-SA-06:05",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc"
},
{
"name": "bsd-ieee80211-bo(24192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24192"
},
{
"name": "http://www.signedness.org/advisories/sps-0x1.txt",
"refsource": "MISC",
"url": "http://www.signedness.org/advisories/sps-0x1.txt"
},
{
"name": "22537",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22537"
},
{
"name": "16296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16296"
},
{
"name": "18353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0226",
"datePublished": "2006-01-19T01:00:00",
"dateReserved": "2006-01-17T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3956 (GCVE-0-2014-3956)
Vulnerability from cvelistv5
Published
2014-06-04 10:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368"
},
{
"name": "58628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58628"
},
{
"name": "FreeBSD-SA-14:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc"
},
{
"name": "MDVSA-2015:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES"
},
{
"name": "GLSA-201412-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sendmail.com/sm/open_source/download/8.14.9/"
},
{
"name": "openSUSE-SU-2014:0804",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html"
},
{
"name": "MDVSA-2014:147",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:147"
},
{
"name": "FEDORA-2014-7093",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html"
},
{
"name": "openSUSE-SU-2014:0805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html"
},
{
"name": "57455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57455"
},
{
"name": "67791",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0270.html"
},
{
"name": "SSA:2014-156-04",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.728644"
},
{
"name": "1030331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368"
},
{
"name": "58628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58628"
},
{
"name": "FreeBSD-SA-14:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc"
},
{
"name": "MDVSA-2015:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES"
},
{
"name": "GLSA-201412-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-32.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sendmail.com/sm/open_source/download/8.14.9/"
},
{
"name": "openSUSE-SU-2014:0804",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html"
},
{
"name": "MDVSA-2014:147",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:147"
},
{
"name": "FEDORA-2014-7093",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html"
},
{
"name": "openSUSE-SU-2014:0805",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html"
},
{
"name": "57455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57455"
},
{
"name": "67791",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0270.html"
},
{
"name": "SSA:2014-156-04",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.728644"
},
{
"name": "1030331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368"
},
{
"name": "58628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58628"
},
{
"name": "FreeBSD-SA-14:11",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc"
},
{
"name": "MDVSA-2015:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:128"
},
{
"name": "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html"
},
{
"name": "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES",
"refsource": "CONFIRM",
"url": "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES"
},
{
"name": "GLSA-201412-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-32.xml"
},
{
"name": "http://www.sendmail.com/sm/open_source/download/8.14.9/",
"refsource": "CONFIRM",
"url": "http://www.sendmail.com/sm/open_source/download/8.14.9/"
},
{
"name": "openSUSE-SU-2014:0804",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html"
},
{
"name": "MDVSA-2014:147",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:147"
},
{
"name": "FEDORA-2014-7093",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html"
},
{
"name": "openSUSE-SU-2014:0805",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html"
},
{
"name": "57455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57455"
},
{
"name": "67791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67791"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0270.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0270.html"
},
{
"name": "SSA:2014-156-04",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2014\u0026m=slackware-security.728644"
},
{
"name": "1030331",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3956",
"datePublished": "2014-06-04T10:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9499 (GCVE-0-2019-9499)
Vulnerability from cvelistv5
Published
2019-04-17 13:31
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Wi-Fi Alliance | hostapd with EAP-pwd support |
Version: 2.7 < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://w1.fi/security/2019-4/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "hostapd with EAP-pwd support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "2.7",
"versionType": "custom"
}
]
},
{
"product": "wpa_supplicant with EAP-pwd support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "2.7",
"versionType": "custom"
}
]
},
{
"product": "hostapd with SAE support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.4",
"status": "affected",
"version": "2.4",
"versionType": "custom"
}
]
},
{
"product": "wpa_supplicant with SAE support",
"vendor": "Wi-Fi Alliance",
"versions": [
{
"lessThanOrEqual": "2.4",
"status": "affected",
"version": "2.4",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-16T00:06:08",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://w1.fi/security/2019-4/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
},
{
"name": "openSUSE-SU-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Dragonblood",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9499",
"STATE": "PUBLIC",
"TITLE": "The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "hostapd with EAP-pwd support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.7",
"version_value": "2.7"
}
]
}
},
{
"product_name": "wpa_supplicant with EAP-pwd support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.7",
"version_value": "2.7"
}
]
}
},
{
"product_name": "hostapd with SAE support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.4",
"version_value": "2.4"
}
]
}
},
{
"product_name": "wpa_supplicant with SAE support",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.4",
"version_value": "2.4"
}
]
}
}
]
},
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://w1.fi/security/2019-4/",
"refsource": "CONFIRM",
"url": "https://w1.fi/security/2019-4/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_16",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_16"
},
{
"name": "FEDORA-2019-d03bae77f5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
},
{
"name": "FEDORA-2019-f409af9fbe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
},
{
"name": "FEDORA-2019-eba1109acd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
},
{
"name": "FreeBSD-SA-19:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/40"
},
{
"name": "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
},
{
"name": "openSUSE-SU-2020:0222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9499",
"datePublished": "2019-04-17T13:31:08",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0229 (GCVE-0-2007-0229)
Vulnerability from cvelistv5
Published
2007-01-13 02:00
Modified
2024-08-07 12:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:17.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "32684",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32684"
},
{
"name": "[freebsd-security] 20070114 MOAB advisories",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name": "ADV-2007-0141",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0141"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "21993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21993"
},
{
"name": "macos-ffsmountfs-bo(31409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"
},
{
"name": "23703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23703"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"
},
{
"name": "TA07-072A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "32684",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32684"
},
{
"name": "[freebsd-security] 20070114 MOAB advisories",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name": "ADV-2007-0141",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0141"
},
{
"name": "APPLE-SA-2007-03-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "21993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21993"
},
{
"name": "macos-ffsmountfs-bo(31409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"
},
{
"name": "23703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23703"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"
},
{
"name": "ADV-2007-0930",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "24479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes \"allocation of a negative size buffer\" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/moab/MOAB-10-01-2007.html"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "32684",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32684"
},
{
"name": "[freebsd-security] 20070114 MOAB advisories",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html"
},
{
"name": "ADV-2007-0141",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0141"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "1017751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017751"
},
{
"name": "21993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21993"
},
{
"name": "macos-ffsmountfs-bo(31409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31409"
},
{
"name": "23703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23703"
},
{
"name": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html",
"refsource": "MISC",
"url": "http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0229",
"datePublished": "2007-01-13T02:00:00",
"dateReserved": "2007-01-12T00:00:00",
"dateUpdated": "2024-08-07T12:12:17.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0370 (GCVE-0-2004-0370)
Vulnerability from cvelistv5
Published
2004-04-06 04:00
Modified
2024-08-08 00:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/11233 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15662 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/9992 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11233"
},
{
"name": "freebsd-ipv6-dos(15662)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15662"
},
{
"name": "9992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9992"
},
{
"name": "FreeBSD-SA-04:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11233"
},
{
"name": "freebsd-ipv6-dos(15662)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15662"
},
{
"name": "9992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9992"
},
{
"name": "FreeBSD-SA-04:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11233"
},
{
"name": "freebsd-ipv6-dos(15662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15662"
},
{
"name": "9992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9992"
},
{
"name": "FreeBSD-SA-04:06",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0370",
"datePublished": "2004-04-06T04:00:00",
"dateReserved": "2004-03-24T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1314 (GCVE-0-1999-1314)
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:10.mount_union.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.iss.net/security_center/static/7429.php | vdb-entry, x_refsource_XF | |
| http://ciac.llnl.gov/ciac/bulletins/g-24.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-96:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:10.mount_union.asc"
},
{
"name": "unionfs-mount-ordering(7429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7429.php"
},
{
"name": "G-24",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/g-24.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-96:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:10.mount_union.asc"
},
{
"name": "unionfs-mount-ordering(7429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7429.php"
},
{
"name": "G-24",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://ciac.llnl.gov/ciac/bulletins/g-24.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-96:10",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:10.mount_union.asc"
},
{
"name": "unionfs-mount-ordering(7429)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7429.php"
},
{
"name": "G-24",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/g-24.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1314",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8475 (GCVE-0-2014-8475)
Vulnerability from cvelistv5
Published
2014-11-18 15:00
Modified
2024-08-06 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A24.sshd.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98491 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/61440 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/70913 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1031168 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-14:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A24.sshd.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html"
},
{
"name": "freebsd-cve20148475-dos(98491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98491"
},
{
"name": "61440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61440"
},
{
"name": "70913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70913"
},
{
"name": "1031168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-14:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A24.sshd.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html"
},
{
"name": "freebsd-cve20148475-dos(98491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98491"
},
{
"name": "61440",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61440"
},
{
"name": "70913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70913"
},
{
"name": "1031168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-14:24",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A24.sshd.asc"
},
{
"name": "http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html"
},
{
"name": "freebsd-cve20148475-dos(98491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98491"
},
{
"name": "61440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61440"
},
{
"name": "70913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70913"
},
{
"name": "1031168",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8475",
"datePublished": "2014-11-18T15:00:00",
"dateReserved": "2014-10-24T00:00:00",
"dateUpdated": "2024-08-06T13:18:48.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0054 (GCVE-0-2006-0054)
Vulnerability from cvelistv5
Published
2006-01-11 21:00
Modified
2025-01-16 19:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/22319 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/16209 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18378 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24073 | vdb-entry, x_refsource_XF | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://securitytracker.com/id?1015477 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22319"
},
{
"name": "16209",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16209"
},
{
"name": "18378",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18378"
},
{
"name": "ipfw-icmp-fragment-dos(24073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24073"
},
{
"name": "FreeBSD-SA-06:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc"
},
{
"name": "1015477",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015477"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-0054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T16:15:16.514845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:53:05.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "22319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22319"
},
{
"name": "16209",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16209"
},
{
"name": "18378",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18378"
},
{
"name": "ipfw-icmp-fragment-dos(24073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24073"
},
{
"name": "FreeBSD-SA-06:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc"
},
{
"name": "1015477",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015477"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22319",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22319"
},
{
"name": "16209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16209"
},
{
"name": "18378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18378"
},
{
"name": "ipfw-icmp-fragment-dos(24073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24073"
},
{
"name": "FreeBSD-SA-06:04",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc"
},
{
"name": "1015477",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015477"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2006-0054",
"datePublished": "2006-01-11T21:00:00",
"dateReserved": "2005-12-30T00:00:00",
"dateUpdated": "2025-01-16T19:53:05.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4578 (GCVE-0-2012-4578)
Vulnerability from cvelistv5
Published
2012-08-21 19:00
Modified
2024-08-06 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78057 | vdb-entry, x_refsource_XF | |
| http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "freebsd-geli-weak-security(78057)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78057"
},
{
"name": "[freebsd-security] 20120820 [HEADSUP] geli(4) weak master key generation on -CURRENT",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "freebsd-geli-weak-security(78057)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78057"
},
{
"name": "[freebsd-security] 20120820 [HEADSUP] geli(4) weak master key generation on -CURRENT",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-geli-weak-security(78057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78057"
},
{
"name": "[freebsd-security] 20120820 [HEADSUP] geli(4) weak master key generation on -CURRENT",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4578",
"datePublished": "2012-08-21T19:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1719 (GCVE-0-2007-1719)
Vulnerability from cvelistv5
Published
2007-03-28 00:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/3578 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.vupen.com/english/advisories/2007/1125 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33212 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/24641 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3578"
},
{
"name": "ADV-2007-1125",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1125"
},
{
"name": "bsd-mcweject-bo(33212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33212"
},
{
"name": "24641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3578"
},
{
"name": "ADV-2007-1125",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1125"
},
{
"name": "bsd-mcweject-bo(33212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33212"
},
{
"name": "24641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3578",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3578"
},
{
"name": "ADV-2007-1125",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1125"
},
{
"name": "bsd-mcweject-bo(33212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33212"
},
{
"name": "24641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1719",
"datePublished": "2007-03-28T00:00:00",
"dateReserved": "2007-03-27T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0046 (GCVE-0-1999-0046)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow of rlogin program using TERM environmental variable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow of rlogin program using TERM environmental variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:31:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow of rlogin program using TERM environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0046",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29630 (GCVE-0-2021-29630)
Vulnerability from cvelistv5
Published
2021-08-30 18:01
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Copy without Checking Size of Input
Summary
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210923-0005/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 13.0-RELEASE before p4, 12.2-RELEASE before p10, 11.4-RELEASE before p13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Copy without Checking Size of Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:06:58",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 13.0-RELEASE before p4, 12.2-RELEASE before p10, 11.4-RELEASE before p13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210923-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210923-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29630",
"datePublished": "2021-08-30T18:01:08",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4502 (GCVE-0-2009-4502)
Vulnerability from cvelistv5
Published
2009-12-31 18:00
Modified
2024-09-17 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/508439 | mailing-list, x_refsource_BUGTRAQ | |
| https://support.zabbix.com/browse/ZBX-1032 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37740 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2009/3514 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20091213 Zabbix Agent : Bypass of EnableRemoteCommands=0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508439"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.zabbix.com/browse/ZBX-1032"
},
{
"name": "37740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37740"
},
{
"name": "ADV-2009-3514",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-31T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20091213 Zabbix Agent : Bypass of EnableRemoteCommands=0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508439"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.zabbix.com/browse/ZBX-1032"
},
{
"name": "37740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37740"
},
{
"name": "ADV-2009-3514",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091213 Zabbix Agent : Bypass of EnableRemoteCommands=0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508439"
},
{
"name": "https://support.zabbix.com/browse/ZBX-1032",
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-1032"
},
{
"name": "37740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37740"
},
{
"name": "ADV-2009-3514",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4502",
"datePublished": "2009-12-31T18:00:00Z",
"dateReserved": "2009-12-30T00:00:00Z",
"dateUpdated": "2024-09-17T00:05:31.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7973 (GCVE-0-2015-7973)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81963"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T20:40:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81963"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2935",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81963"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7973",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0704 (GCVE-0-1999-0704)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/614 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0704",
"datePublished": "2000-01-04T05:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1399 (GCVE-0-2005-1399)
Vulnerability from cvelistv5
Published
2005-05-06 04:00
Modified
2024-09-17 02:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-05:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-06T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-05:06",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:06",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1399",
"datePublished": "2005-05-06T04:00:00Z",
"dateReserved": "2005-05-03T00:00:00Z",
"dateUpdated": "2024-09-17T02:21:56.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0641 (GCVE-0-2009-0641)
Vulnerability from cvelistv5
Published
2009-02-18 17:00
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48780 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/33777 | vdb-entry, x_refsource_BID | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html | mailing-list, x_refsource_FULLDISC | |
| https://www.exploit-db.com/exploits/8055 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-09:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
},
{
"name": "freebsd-telnet-ldpreload-code-execution(48780)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"
},
{
"name": "33777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33777"
},
{
"name": "20090214 FreeBSD zeroday",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"
},
{
"name": "8055",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-09:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
},
{
"name": "freebsd-telnet-ldpreload-code-execution(48780)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"
},
{
"name": "33777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33777"
},
{
"name": "20090214 FreeBSD zeroday",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"
},
{
"name": "8055",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8055"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-09:05",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
},
{
"name": "freebsd-telnet-ldpreload-code-execution(48780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780"
},
{
"name": "33777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33777"
},
{
"name": "20090214 FreeBSD zeroday",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html"
},
{
"name": "8055",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8055"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0641",
"datePublished": "2009-02-18T17:00:00",
"dateReserved": "2009-02-18T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51564 (GCVE-0-2024-51564)
Vulnerability from cvelistv5
Published
2024-11-12 14:51
Modified
2024-11-20 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Summary
A guest can trigger an infinite loop in the hda audio driver.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:13.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "13.3_p8",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:13.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "13.4_p2",
"status": "affected",
"version": "13.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:14.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p6",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T17:13:07.789111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:13:11.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"bhyve"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p6",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p2",
"status": "affected",
"version": "13.4-RELEASE",
"versionType": "release"
},
{
"lessThan": "p8",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
},
{
"lang": "en",
"type": "sponsor",
"value": "The FreeBSD Foundation"
},
{
"lang": "en",
"type": "sponsor",
"value": "The Alpha-Omega Project"
}
],
"datePublic": "2024-10-29T21:32:53.000Z",
"descriptions": [
{
"lang": "en",
"value": "A guest can trigger an infinite loop in the hda audio driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:51:51.757Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc"
}
],
"title": "bhyve(8) infinite loop in the hda audio driver"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-51564",
"datePublished": "2024-11-12T14:51:51.757Z",
"dateReserved": "2024-10-29T17:16:43.254Z",
"dateUpdated": "2024-11-20T17:13:11.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1669 (GCVE-0-2002-1669)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3819 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7852 | vdb-entry, x_refsource_XF | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:55.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3819",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3819"
},
{
"name": "freebsd-pkgadd-insecure-directory(7852)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7852"
},
{
"name": "FreeBSD-SA-02:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3819",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3819"
},
{
"name": "freebsd-pkgadd-insecure-directory(7852)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7852"
},
{
"name": "FreeBSD-SA-02:01",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3819"
},
{
"name": "freebsd-pkgadd-insecure-directory(7852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7852"
},
{
"name": "FreeBSD-SA-02:01",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1669",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T03:34:55.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4247 (GCVE-0-2008-4247)
Vulnerability from cvelistv5
Published
2008-09-25 19:00
Modified
2024-08-07 10:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51\u0026r2=1.52\u0026f=h"
},
{
"name": "1020946",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020946"
},
{
"name": "20080926 multiple vendor ftpd - Cross-site request forgery",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"name": "33341",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33341"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
},
{
"name": "NetBSD-SA2008-014",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y"
},
{
"name": "32068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32068"
},
{
"name": "FreeBSD-SA-08:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "32070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183\u0026r2=1.184\u0026f=h"
},
{
"name": "4313",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4313"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-10-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51\u0026r2=1.52\u0026f=h"
},
{
"name": "1020946",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020946"
},
{
"name": "20080926 multiple vendor ftpd - Cross-site request forgery",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"name": "33341",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33341"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
},
{
"name": "NetBSD-SA2008-014",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y"
},
{
"name": "32068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32068"
},
{
"name": "FreeBSD-SA-08:12",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "32070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183\u0026r2=1.184\u0026f=h"
},
{
"name": "4313",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4313"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021112",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021112"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51\u0026r2=1.52\u0026f=h",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51\u0026r2=1.52\u0026f=h"
},
{
"name": "1020946",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020946"
},
{
"name": "20080926 multiple vendor ftpd - Cross-site request forgery",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"name": "33341",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33341"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3115",
"refsource": "MISC",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
},
{
"name": "NetBSD-SA2008-014",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y"
},
{
"name": "32068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32068"
},
{
"name": "FreeBSD-SA-08:12",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "32070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32070"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183\u0026r2=1.184\u0026f=h",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183\u0026r2=1.184\u0026f=h"
},
{
"name": "4313",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4313"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4247",
"datePublished": "2008-09-25T19:00:00",
"dateReserved": "2008-09-25T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4609 (GCVE-0-2008-4609)
Vulnerability from cvelistv5
Published
2008-10-20 17:00
Modified
2024-08-07 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
},
{
"name": "HPSBMI02473",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
},
{
"name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://insecure.org/stf/tcp-dos-attack-explained.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.outpost24.com/news/news-2008-10-02.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
},
{
"name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
},
{
"name": "TA09-251A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
},
{
"name": "MS09-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
},
{
"name": "oval:org.mitre.oval:def:6340",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "SSRT080138",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
},
{
"name": "HPSBMI02473",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
},
{
"name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://insecure.org/stf/tcp-dos-attack-explained.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.outpost24.com/news/news-2008-10-02.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
},
{
"name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
},
{
"name": "TA09-251A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
},
{
"name": "MS09-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
},
{
"name": "oval:org.mitre.oval:def:6340",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "SSRT080138",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.robertlee.name/2008/10/conjecture-speculation.html",
"refsource": "MISC",
"url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
},
{
"name": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
},
{
"name": "HPSBMI02473",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
},
{
"name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
},
{
"name": "http://insecure.org/stf/tcp-dos-attack-explained.html",
"refsource": "MISC",
"url": "http://insecure.org/stf/tcp-dos-attack-explained.html"
},
{
"name": "http://www.outpost24.com/news/news-2008-10-02.html",
"refsource": "MISC",
"url": "http://www.outpost24.com/news/news-2008-10-02.html"
},
{
"name": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf",
"refsource": "MISC",
"url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
},
{
"name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
},
{
"name": "TA09-251A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
},
{
"name": "MS09-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
},
{
"name": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked",
"refsource": "MISC",
"url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
},
{
"name": "oval:org.mitre.oval:def:6340",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "SSRT080138",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125856010926699\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4609",
"datePublished": "2008-10-20T17:00:00",
"dateReserved": "2008-10-20T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4854 (GCVE-0-2013-4854)
Vulnerability from cvelistv5
Published
2013-07-26 23:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:39.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2013-13863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"name": "HPSBUX02926",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01015"
},
{
"name": "APPLE-SA-2014-10-16-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "54134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54134"
},
{
"name": "MDVSA-2013:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name": "54185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54185"
},
{
"name": "FreeBSD-SA-13:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01016"
},
{
"name": "oval:org.mitre.oval:def:19561",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"name": "FEDORA-2013-13831",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"name": "54207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54207"
},
{
"name": "openSUSE-SU-2013:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "isc-bind-cve20134854-dos(86004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"name": "RHSA-2013:1114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"name": "61479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61479"
},
{
"name": "54323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54323"
},
{
"name": "SUSE-SU-2013:1310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"name": "54211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54211"
},
{
"name": "USN-1910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"name": "DSA-2728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"name": "1028838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028838"
},
{
"name": "RHSA-2013:1115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"name": "SSRT101281",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "54432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2013-13863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"name": "HPSBUX02926",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01015"
},
{
"name": "APPLE-SA-2014-10-16-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "54134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54134"
},
{
"name": "MDVSA-2013:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name": "54185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54185"
},
{
"name": "FreeBSD-SA-13:07",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01016"
},
{
"name": "oval:org.mitre.oval:def:19561",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"name": "FEDORA-2013-13831",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"name": "54207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54207"
},
{
"name": "openSUSE-SU-2013:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "isc-bind-cve20134854-dos(86004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"name": "RHSA-2013:1114",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"name": "61479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61479"
},
{
"name": "54323",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54323"
},
{
"name": "SUSE-SU-2013:1310",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"name": "54211",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54211"
},
{
"name": "USN-1910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"name": "DSA-2728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"name": "1028838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028838"
},
{
"name": "RHSA-2013:1115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"name": "SSRT101281",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "54432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2013-13863",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
},
{
"name": "HPSBUX02926",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "https://kb.isc.org/article/AA-01015",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01015"
},
{
"name": "APPLE-SA-2014-10-16-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "54134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54134"
},
{
"name": "MDVSA-2013:202",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1244",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name": "54185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54185"
},
{
"name": "FreeBSD-SA-13:07",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
},
{
"name": "https://kb.isc.org/article/AA-01016",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01016"
},
{
"name": "oval:org.mitre.oval:def:19561",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052",
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
},
{
"name": "FEDORA-2013-13831",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
},
{
"name": "54207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54207"
},
{
"name": "openSUSE-SU-2013:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
},
{
"name": "https://support.apple.com/kb/HT6536",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "isc-bind-cve20134854-dos(86004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
},
{
"name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
},
{
"name": "RHSA-2013:1114",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
},
{
"name": "61479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61479"
},
{
"name": "54323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54323"
},
{
"name": "SUSE-SU-2013:1310",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
},
{
"name": "54211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54211"
},
{
"name": "USN-1910-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1910-1"
},
{
"name": "DSA-2728",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2728"
},
{
"name": "1028838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028838"
},
{
"name": "RHSA-2013:1115",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
},
{
"name": "SSRT101281",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
},
{
"name": "54432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4854",
"datePublished": "2013-07-26T23:00:00",
"dateReserved": "2013-07-16T00:00:00",
"dateUpdated": "2024-08-06T16:59:39.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7457 (GCVE-0-2020-7457)
Vulnerability from cvelistv5
Published
2020-07-09 13:46
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Race Condition
Summary
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200724-0002/ | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.1-RELEASE before p7, 11.4-RELEASE before p1, 11.3-RELEASE before p11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Race Condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-31T21:06:09",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.1-RELEASE before p7, 11.4-RELEASE before p1, 11.3-RELEASE before p11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200724-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
},
{
"name": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7457",
"datePublished": "2020-07-09T13:46:41",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:49.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24716 (GCVE-0-2020-24716)
Vulnerability from cvelistv5
Published
2020-08-27 18:03
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jira.ixsystems.com/browse/NAS-107270 | x_refsource_MISC | |
| https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f | x_refsource_MISC | |
| https://reviews.freebsd.org/D26107 | x_refsource_MISC | |
| https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.ixsystems.com/browse/NAS-107270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://reviews.freebsd.org/D26107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T18:03:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.ixsystems.com/browse/NAS-107270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://reviews.freebsd.org/D26107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.ixsystems.com/browse/NAS-107270",
"refsource": "MISC",
"url": "https://jira.ixsystems.com/browse/NAS-107270"
},
{
"name": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f",
"refsource": "MISC",
"url": "https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f"
},
{
"name": "https://reviews.freebsd.org/D26107",
"refsource": "MISC",
"url": "https://reviews.freebsd.org/D26107"
},
{
"name": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1",
"refsource": "MISC",
"url": "https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24716",
"datePublished": "2020-08-27T18:03:32",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25582 (GCVE-0-2020-25582)
Vulnerability from cvelistv5
Published
2021-03-26 20:41
Modified
2024-08-04 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper check for unusual conditions
Summary
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210423-0003/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p4, 11.4-RELEASE before p8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check for unusual conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:25",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-25582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p4, 11.4-RELEASE before p8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for unusual conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-25582",
"datePublished": "2021-03-26T20:41:04",
"dateReserved": "2020-09-14T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5611 (GCVE-0-2019-5611)
Vulnerability from cvelistv5
Published
2019-08-29 21:37
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper check for unusual conditions
Summary
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://seclists.org/bugtraq/2019/Aug/33 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html | x_refsource_MISC | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190910-0002/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-19:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
},
{
"name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.0-RELEASE before 12.0-RELEASE-p10"
},
{
"status": "affected",
"version": "11.3-RELEASE before 11.3-RELEASE-p3"
},
{
"status": "affected",
"version": "11.2-RELEASE before 11.2-RELEASE-p14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check for unusual conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T14:06:15",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "FreeBSD-SA-19:22",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
},
{
"name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2019-5611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "12.0-RELEASE before 12.0-RELEASE-p10"
},
{
"version_value": "11.3-RELEASE before 11.3-RELEASE-p3"
},
{
"version_value": "11.2-RELEASE before 11.2-RELEASE-p14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for unusual conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-19:22",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
},
{
"name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/33"
},
{
"name": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html"
},
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2019-5611",
"datePublished": "2019-08-29T21:37:31",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4304 (GCVE-0-2007-4304)
Vulnerability from cvelistv5
Published
2007-08-13 21:00
Modified
2024-09-16 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.watson.org/~robert/2007woot/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.watson.org/~robert/2007woot/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an \"incorrect write protection of pages\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-08-13T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.watson.org/~robert/2007woot/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an \"incorrect write protection of pages\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.watson.org/~robert/2007woot/",
"refsource": "MISC",
"url": "http://www.watson.org/~robert/2007woot/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4304",
"datePublished": "2007-08-13T21:00:00Z",
"dateReserved": "2007-08-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:25:53.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6759 (GCVE-0-2024-6759)
Vulnerability from cvelistv5
Published
2024-08-11 02:45
Modified
2024-08-16 17:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.
The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:07.nfsclient.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:14.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1p3",
"status": "affected",
"version": "14.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:13.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.0p9",
"status": "affected",
"version": "14.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:13.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "13.3p5",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T14:14:46.215475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T14:24:35.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:45.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"nfsclient"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p3",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p9",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p5",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Apple Security Engineering and Architecture (SEAR)"
}
],
"datePublic": "2024-08-07T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, \"/\". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.\n\nThe lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory."
}
],
"providerMetadata": {
"dateUpdated": "2024-08-11T02:45:15.024Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:07.nfsclient.asc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NFS client accepts file names containing path separators",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-6759",
"datePublished": "2024-08-11T02:45:15.024Z",
"dateReserved": "2024-07-15T14:18:19.971Z",
"dateUpdated": "2024-08-16T17:02:45.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4062 (GCVE-0-2011-4062)
Vulnerability from cvelistv5
Published
2011-10-18 01:00
Modified
2024-08-06 23:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.freebsd.org/patches/SA-11:05/unix2.patch | x_refsource_MISC | |
| http://secunia.com/advisories/46202 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/17908 | exploit, x_refsource_EXPLOIT-DB | |
| http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://secunia.com/advisories/46564 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1026106 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/75788 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/49862 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2011/dsa-2325 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.freebsd.org/patches/SA-11:05/unix2.patch"
},
{
"name": "46202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46202"
},
{
"name": "17908",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17908"
},
{
"name": "FreeBSD-SA-11:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
},
{
"name": "46564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46564"
},
{
"name": "1026106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026106"
},
{
"name": "75788",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75788"
},
{
"name": "49862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49862"
},
{
"name": "DSA-2325",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-29T09:00:00",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.freebsd.org/patches/SA-11:05/unix2.patch"
},
{
"name": "46202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46202"
},
{
"name": "17908",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17908"
},
{
"name": "FreeBSD-SA-11:05",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
},
{
"name": "46564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46564"
},
{
"name": "1026106",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026106"
},
{
"name": "75788",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75788"
},
{
"name": "49862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49862"
},
{
"name": "DSA-2325",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2011-4062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.freebsd.org/patches/SA-11:05/unix2.patch",
"refsource": "MISC",
"url": "http://security.freebsd.org/patches/SA-11:05/unix2.patch"
},
{
"name": "46202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46202"
},
{
"name": "17908",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17908"
},
{
"name": "FreeBSD-SA-11:05",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc"
},
{
"name": "46564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46564"
},
{
"name": "1026106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026106"
},
{
"name": "75788",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75788"
},
{
"name": "49862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49862"
},
{
"name": "DSA-2325",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2011-4062",
"datePublished": "2011-10-18T01:00:00",
"dateReserved": "2011-10-15T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6923 (GCVE-0-2018-6923)
Vulnerability from cvelistv5
Published
2018-09-04 18:00
Modified
2024-09-16 23:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105336 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041505 | vdb-entry, x_refsource_SECTRACK | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc | vendor-advisory, x_refsource_FREEBSD |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105336"
},
{
"name": "1041505",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041505"
},
{
"name": "FreeBSD-SA-18:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "All supported versions of FreeBSD."
}
]
}
],
"datePublic": "2018-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-14T09:57:02",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "105336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105336"
},
{
"name": "1041505",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041505"
},
{
"name": "FreeBSD-SA-18:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2018-08-14T00:00:00",
"ID": "CVE-2018-6923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "All supported versions of FreeBSD."
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105336"
},
{
"name": "1041505",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041505"
},
{
"name": "FreeBSD-SA-18:10",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2018-6923",
"datePublished": "2018-09-04T18:00:00Z",
"dateReserved": "2018-02-12T00:00:00",
"dateUpdated": "2024-09-16T23:16:08.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7458 (GCVE-0-2020-7458)
Vulnerability from cvelistv5
Published
2020-07-09 13:47
Modified
2024-08-04 09:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200724-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 11.4-RELEASE before p1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-24T13:06:14",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 11.4-RELEASE before p1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200724-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7458",
"datePublished": "2020-07-09T13:47:03",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:48.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10565 (GCVE-0-2020-10565)
Vulnerability from cvelistv5
Published
2020-03-14 00:53
Modified
2024-08-04 11:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://svnweb.freebsd.org/ports?view=revision&revision=525916 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-14T00:53:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916",
"refsource": "MISC",
"url": "https://svnweb.freebsd.org/ports?view=revision\u0026revision=525916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10565",
"datePublished": "2020-03-14T00:53:02",
"dateReserved": "2020-03-14T00:00:00",
"dateUpdated": "2024-08-04T11:06:09.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1185 (GCVE-0-2001-1185)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/7693.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/244583 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3661 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/2001 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:08.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bsd-aio-overwrite-memory(7693)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7693.php"
},
{
"name": "20011210 AIO vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/244583"
},
{
"name": "3661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3661"
},
{
"name": "2001",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bsd-aio-overwrite-memory(7693)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7693.php"
},
{
"name": "20011210 AIO vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/244583"
},
{
"name": "3661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3661"
},
{
"name": "2001",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bsd-aio-overwrite-memory(7693)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7693.php"
},
{
"name": "20011210 AIO vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/244583"
},
{
"name": "3661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3661"
},
{
"name": "2001",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1185",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:08.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29627 (GCVE-0-2021-29627)
Vulnerability from cvelistv5
Published
2021-04-07 14:45
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Double free or use after free
Summary
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210423-0007/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Double free or use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:21",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double free or use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29627",
"datePublished": "2021-04-07T14:45:52",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2022 (GCVE-0-2010-2022)
Vulnerability from cvelistv5
Published
2010-05-28 18:00
Modified
2024-09-17 01:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/1247 | vdb-entry, x_refsource_VUPEN | |
| http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/40399 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1024038 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-1247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1247"
},
{
"name": "FreeBSD-SA-10:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc"
},
{
"name": "40399",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40399"
},
{
"name": "1024038",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the \"-l -U root\" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-28T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-1247",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1247"
},
{
"name": "FreeBSD-SA-10:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc"
},
{
"name": "40399",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40399"
},
{
"name": "1024038",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024038"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the \"-l -U root\" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1247",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1247"
},
{
"name": "FreeBSD-SA-10:04",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc"
},
{
"name": "40399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40399"
},
{
"name": "1024038",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024038"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2022",
"datePublished": "2010-05-28T18:00:00Z",
"dateReserved": "2010-05-24T00:00:00Z",
"dateUpdated": "2024-09-17T01:05:51.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-0085 (GCVE-0-1999-0085)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/119 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/118 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rwhod(119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119"
},
{
"name": "rwhod-vuln(118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "rwhod(119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119"
},
{
"name": "rwhod-vuln(118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rwhod(119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119"
},
{
"name": "rwhod-vuln(118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0085",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0388 (GCVE-0-2000-0388)
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/1185 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1185"
},
{
"name": "FreeBSD-SA-00:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1185"
},
{
"name": "FreeBSD-SA-00:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1185"
},
{
"name": "FreeBSD-SA-00:17",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0388",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-06-14T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3721 (GCVE-0-2007-3721)
Vulnerability from cvelistv5
Published
2007-07-12 16:00
Modified
2024-08-07 14:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf | x_refsource_MISC | |
| http://osvdb.org/39598 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:51.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf"
},
{
"name": "39598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39598"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ULE process scheduler in the FreeBSD kernel gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf"
},
{
"name": "39598",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39598"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ULE process scheduler in the FreeBSD kernel gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf",
"refsource": "MISC",
"url": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf"
},
{
"name": "39598",
"refsource": "OSVDB",
"url": "http://osvdb.org/39598"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3721",
"datePublished": "2007-07-12T16:00:00",
"dateReserved": "2007-07-11T00:00:00",
"dateUpdated": "2024-08-07T14:28:51.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0852 (GCVE-0-2000-0852)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/1559 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/1686 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5248 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:30.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1559"
},
{
"name": "1686",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1686"
},
{
"name": "freebsd-eject-port(5248)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5248"
},
{
"name": "FreeBSD-SA-00:49",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1559"
},
{
"name": "1686",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1686"
},
{
"name": "freebsd-eject-port(5248)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5248"
},
{
"name": "FreeBSD-SA-00:49",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1559",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1559"
},
{
"name": "1686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1686"
},
{
"name": "freebsd-eject-port(5248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5248"
},
{
"name": "FreeBSD-SA-00:49",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0852",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-10-18T00:00:00",
"dateUpdated": "2024-08-08T05:37:30.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6833 (GCVE-0-2013-6833)
Vulnerability from cvelistv5
Published
2013-11-21 02:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131115 XADV-2013006 FreeBSD \u003c= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131115 XADV-2013006 FreeBSD \u003c= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131115 XADV-2013006 FreeBSD \u003c= 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0107.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6833",
"datePublished": "2013-11-21T02:00:00",
"dateReserved": "2013-11-20T00:00:00",
"dateUpdated": "2024-08-06T17:46:23.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3953 (GCVE-0-2014-3953)
Vulnerability from cvelistv5
Published
2014-07-15 14:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3070 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id/1030539 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/62218 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3070"
},
{
"name": "1030539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030539"
},
{
"name": "62218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62218"
},
{
"name": "FreeBSD-SA-14:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-13T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3070",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3070"
},
{
"name": "1030539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030539"
},
{
"name": "62218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62218"
},
{
"name": "FreeBSD-SA-14:17",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3070"
},
{
"name": "1030539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030539"
},
{
"name": "62218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62218"
},
{
"name": "FreeBSD-SA-14:17",
"refsource": "FREEBSD",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3953",
"datePublished": "2014-07-15T14:00:00",
"dateReserved": "2014-06-03T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1088 (GCVE-0-2017-1088)
Vulnerability from cvelistv5
Published
2017-11-16 20:00
Modified
2024-09-16 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Kernel information leak
Summary
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101857 | vdb-entry, x_refsource_BID | |
| https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securitytracker.com/id/1039811 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101857",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101857"
},
{
"name": "FreeBSD-SA-17:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"
},
{
"name": "1039811",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"status": "affected",
"version": "All supported versions of FreeBSD"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T10:57:01",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"name": "101857",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101857"
},
{
"name": "FreeBSD-SA-17:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"
},
{
"name": "1039811",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039811"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-1088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "All supported versions of FreeBSD"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101857"
},
{
"name": "FreeBSD-SA-17:10",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc"
},
{
"name": "1039811",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039811"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2017-1088",
"datePublished": "2017-11-16T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:15:13.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0963 (GCVE-0-2000-0963)
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44487 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/138550 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1142 | vdb-entry, x_refsource_BID | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt | vendor-advisory, x_refsource_CALDERA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gnu-ncurses-term-terminfodirs-bo(44487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44487"
},
{
"name": "20001009 ncurses buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/138550"
},
{
"name": "1142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1142"
},
{
"name": "CSSA-2000-036.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gnu-ncurses-term-terminfodirs-bo(44487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44487"
},
{
"name": "20001009 ncurses buffer overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/138550"
},
{
"name": "1142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1142"
},
{
"name": "CSSA-2000-036.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnu-ncurses-term-terminfodirs-bo(44487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44487"
},
{
"name": "20001009 ncurses buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/138550"
},
{
"name": "1142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1142"
},
{
"name": "CSSA-2000-036.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0963",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1125 (GCVE-0-2002-1125)
Vulnerability from cvelistv5
Published
2002-09-17 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=103228135413310&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5719 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/5718 | vdb-entry, x_refsource_BID | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/5714 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10109.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5720 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.securityfocus.com/bid/5716 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103228135413310\u0026w=2"
},
{
"name": "5719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5719"
},
{
"name": "5718",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5718"
},
{
"name": "FreeBSD-SA-02:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc"
},
{
"name": "5714",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5714"
},
{
"name": "bsd-libkvm-descriptor-leak(10109)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10109.php"
},
{
"name": "5720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5720"
},
{
"name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html"
},
{
"name": "5716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5716"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103228135413310\u0026w=2"
},
{
"name": "5719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5719"
},
{
"name": "5718",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5718"
},
{
"name": "FreeBSD-SA-02:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc"
},
{
"name": "5714",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5714"
},
{
"name": "bsd-libkvm-descriptor-leak(10109)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10109.php"
},
{
"name": "5720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5720"
},
{
"name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html"
},
{
"name": "5716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5716"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103228135413310\u0026w=2"
},
{
"name": "5719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5719"
},
{
"name": "5718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5718"
},
{
"name": "FreeBSD-SA-02:39",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc"
},
{
"name": "5714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5714"
},
{
"name": "bsd-libkvm-descriptor-leak(10109)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10109.php"
},
{
"name": "5720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5720"
},
{
"name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html"
},
{
"name": "5716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5716"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1125",
"datePublished": "2002-09-17T04:00:00",
"dateReserved": "2002-09-16T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0371 (GCVE-0-2001-0371)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6268 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/5682 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ufs-ext2fs-data-disclosure(6268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6268"
},
{
"name": "5682",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5682"
},
{
"name": "FreeBSD-SA-01:30",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ufs-ext2fs-data-disclosure(6268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6268"
},
{
"name": "5682",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5682"
},
{
"name": "FreeBSD-SA-01:30",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ufs-ext2fs-data-disclosure(6268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6268"
},
{
"name": "5682",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5682"
},
{
"name": "FreeBSD-SA-01:30",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0371",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1289 (GCVE-0-2003-1289)
Vulnerability from cvelistv5
Published
2005-12-17 21:00
Modified
2024-08-08 02:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/2406 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12892 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/9504 | third-party-advisory, x_refsource_SECUNIA | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://securitytracker.com/id?1007460 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2406"
},
{
"name": "freebsd-ibcs2-kernel-memory(12892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892"
},
{
"name": "9504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9504"
},
{
"name": "FreeBSD-SA-03:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"
},
{
"name": "1007460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1007460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2406"
},
{
"name": "freebsd-ibcs2-kernel-memory(12892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892"
},
{
"name": "9504",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9504"
},
{
"name": "FreeBSD-SA-03:10",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"
},
{
"name": "1007460",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1007460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2406",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2406"
},
{
"name": "freebsd-ibcs2-kernel-memory(12892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892"
},
{
"name": "9504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9504"
},
{
"name": "FreeBSD-SA-03:10",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"
},
{
"name": "1007460",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1289",
"datePublished": "2005-12-17T21:00:00",
"dateReserved": "2005-12-17T00:00:00",
"dateUpdated": "2024-08-08T02:19:46.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25577 (GCVE-0-2020-25577)
Vulnerability from cvelistv5
Published
2021-03-29 19:53
Modified
2024-08-04 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper validation
Summary
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210423-0001/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T05:06:22",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210423-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-25577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210423-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210423-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-25577",
"datePublished": "2021-03-29T19:53:50",
"dateReserved": "2020-09-14T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0004 (GCVE-0-2002-0004)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7909 | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/advisories/3969 | vendor-advisory, x_refsource_HP | |
| http://www.debian.org/security/2002/dsa-102 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.redhat.com/support/errata/RHSA-2002-015.html | vendor-advisory, x_refsource_REDHAT | |
| http://online.securityfocus.com/advisories/3833 | vendor-advisory, x_refsource_HP | |
| http://marc.info/?l=bugtraq&m=101128661602088&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3886 | vdb-entry, x_refsource_BID | |
| http://www.novell.com/linux/security/advisories/2002_003_at_txt.html | vendor-advisory, x_refsource_SUSE | |
| http://marc.info/?l=bugtraq&m=101147632721031&w=2 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "linux-at-exetime-heap-corruption(7909)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909"
},
{
"name": "HPSBTL0302-034",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/3969"
},
{
"name": "DSA-102",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-102"
},
{
"name": "RHSA-2002:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-015.html"
},
{
"name": "HPSBTL0201-021",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/3833"
},
{
"name": "20020117 \u0027/usr/bin/at 31337 + vuln\u0027 problem + exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101128661602088\u0026w=2"
},
{
"name": "3886",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3886"
},
{
"name": "SuSE-SA:2002:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html"
},
{
"name": "MDKSA-2002:007",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101147632721031\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap corruption vulnerability in the \"at\" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "linux-at-exetime-heap-corruption(7909)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909"
},
{
"name": "HPSBTL0302-034",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/3969"
},
{
"name": "DSA-102",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-102"
},
{
"name": "RHSA-2002:015",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-015.html"
},
{
"name": "HPSBTL0201-021",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/3833"
},
{
"name": "20020117 \u0027/usr/bin/at 31337 + vuln\u0027 problem + exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101128661602088\u0026w=2"
},
{
"name": "3886",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3886"
},
{
"name": "SuSE-SA:2002:003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html"
},
{
"name": "MDKSA-2002:007",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101147632721031\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap corruption vulnerability in the \"at\" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linux-at-exetime-heap-corruption(7909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909"
},
{
"name": "HPSBTL0302-034",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3969"
},
{
"name": "DSA-102",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-102"
},
{
"name": "RHSA-2002:015",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-015.html"
},
{
"name": "HPSBTL0201-021",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3833"
},
{
"name": "20020117 \u0027/usr/bin/at 31337 + vuln\u0027 problem + exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101128661602088\u0026w=2"
},
{
"name": "3886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3886"
},
{
"name": "SuSE-SA:2002:003",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html"
},
{
"name": "MDKSA-2002:007",
"refsource": "MANDRAKE",
"url": "http://marc.info/?l=bugtraq\u0026m=101147632721031\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0004",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-01-02T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0144 (GCVE-0-2003-0144)
Vulnerability from cvelistv5
Published
2003-03-14 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P | vendor-advisory, x_refsource_SGI | |
| http://www.debian.org/security/2003/dsa-275 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/7025 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2003:059 | vendor-advisory, x_refsource_MANDRAKE | |
| http://secunia.com/advisories/8293 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.novell.com/linux/security/advisories/2003_014_lprold.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2003/dsa-267 | vendor-advisory, x_refsource_DEBIAN | |
| http://marc.info/?l=bugtraq&m=104690434504429&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=104714441925019&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11473 | vdb-entry, x_refsource_XF | |
| ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030406-02-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P"
},
{
"name": "DSA-275",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-275"
},
{
"name": "7025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7025"
},
{
"name": "MDKSA-2003:059",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:059"
},
{
"name": "8293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8293"
},
{
"name": "SuSE-SA:2003:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_014_lprold.html"
},
{
"name": "DSA-267",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-267"
},
{
"name": "20030305 potential buffer overflow in lprm (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104690434504429\u0026w=2"
},
{
"name": "20030308 OpenBSD lprm(1) exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104714441925019\u0026w=2"
},
{
"name": "lprm-bo(11473)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030406-02-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P"
},
{
"name": "DSA-275",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-275"
},
{
"name": "7025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7025"
},
{
"name": "MDKSA-2003:059",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:059"
},
{
"name": "8293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8293"
},
{
"name": "SuSE-SA:2003:0014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_014_lprold.html"
},
{
"name": "DSA-267",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-267"
},
{
"name": "20030305 potential buffer overflow in lprm (fwd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104690434504429\u0026w=2"
},
{
"name": "20030308 OpenBSD lprm(1) exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104714441925019\u0026w=2"
},
{
"name": "lprm-bo(11473)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030406-02-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P"
},
{
"name": "DSA-275",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-275"
},
{
"name": "7025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7025"
},
{
"name": "MDKSA-2003:059",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:059"
},
{
"name": "8293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8293"
},
{
"name": "SuSE-SA:2003:0014",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_014_lprold.html"
},
{
"name": "DSA-267",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-267"
},
{
"name": "20030305 potential buffer overflow in lprm (fwd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104690434504429\u0026w=2"
},
{
"name": "20030308 OpenBSD lprm(1) exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104714441925019\u0026w=2"
},
{
"name": "lprm-bo(11473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11473"
},
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0144",
"datePublished": "2003-03-14T05:00:00",
"dateReserved": "2003-03-13T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45288 (GCVE-0-2024-45288)
Vulnerability from cvelistv5
Published
2024-09-05 03:18
Modified
2024-09-20 16:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freebsd",
"vendor": "freebsd",
"versions": [
{
"lessThan": "14.1_p4",
"status": "affected",
"version": "14.1",
"versionType": "custom"
},
{
"lessThan": "14.0_p10",
"status": "affected",
"version": "14.0",
"versionType": "custom"
},
{
"lessThan": "13.3_p6",
"status": "affected",
"version": "13.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:15:16.471753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:15:32.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-20T16:03:13.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240920-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"libnv"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "14.1-RELEASE",
"versionType": "release"
},
{
"lessThan": "p10",
"status": "affected",
"version": "14.0-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "13.3-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Synacktiv"
}
],
"datePublic": "2024-09-04T23:37:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T03:18:26.407Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc"
}
],
"title": "Multiple vulnerabilities in libnv"
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2024-45288",
"datePublished": "2024-09-05T03:18:26.407Z",
"dateReserved": "2024-08-26T14:20:00.870Z",
"dateUpdated": "2024-09-20T16:03:13.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15037 (GCVE-0-2017-15037)
Vulnerability from cvelistv5
Published
2017-10-05 07:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101191 | vdb-entry, x_refsource_BID | |
| https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687 | x_refsource_CONFIRM | |
| https://svnweb.freebsd.org/base?view=revision&revision=324102 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=324102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p-\u003et_name strings to lack a final \u0027\\0\u0027 character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=324102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p-\u003et_name strings to lack a final \u0027\\0\u0027 character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101191"
},
{
"name": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687",
"refsource": "CONFIRM",
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687"
},
{
"name": "https://svnweb.freebsd.org/base?view=revision\u0026revision=324102",
"refsource": "CONFIRM",
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=324102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15037",
"datePublished": "2017-10-05T07:00:00",
"dateReserved": "2017-10-05T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1564 (GCVE-0-1999-1564)
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/26166 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:18:07.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19990902 [ Kernel panic with FreeBSD-3.2-19990830-STABLE ]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/26166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19990902 [ Kernel panic with FreeBSD-3.2-19990830-STABLE ]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/26166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990902 [ Kernel panic with FreeBSD-3.2-19990830-STABLE ]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/26166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1564",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:18:07.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3000 (GCVE-0-2014-3000)
Vulnerability from cvelistv5
Published
2014-05-02 14:00
Modified
2024-08-06 10:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67153 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/58293 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2014/dsa-2952 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/59034 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1030172 | vdb-entry, x_refsource_SECTRACK | |
| http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc | vendor-advisory, x_refsource_FREEBSD |
Impacted products
| Vendor | Product | Version |
|---|