CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2008-3584
https://notcve.org/view.php?id=CVE-2008-3584
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. NetBSD 3.0, 3.1, y 4.0, cuando una instancia pppoe existe, no chequea correctamente la etiqueta de la longitud del paquete PPPoE, el cual permite a los atacantes remotos causar una denegación de servicio (caída del sistema) a través de un paquete PPPoE manipulado. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-010.txt.asc http://secunia.com/advisories/31597 http://support.apple.com/kb/HT3467 http://www.securityfocus.com/bid/30838 http://www.securitytracker.com/id?1020749 http://www.vupen.com/english/advisories/2009/0633 https://exchange.xforce.ibmcloud.com/vulnerabilities/44679 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 2%CPEs: 3EXPL: 1CVE-2008-2464
https://notcve.org/view.php?id=CVE-2008-2464
The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value. La Función mld_input en sys/netinet6/mld6.c in the kernel en NetBSD 4.0, FreeBSD, y KAME, cuando INET6 está habilitado, permite a atacantes remotos provocar una denegación de servicio (Error de división entre 0 y caída) a través de una petición ICMPv6 Multicast Listener Discovery (MLD) mal formada con un determinado valor de "Maximum Response Delay". • http://cert.fi/haavoittuvuudet/2008/advisory-netbsd.html http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.46&r2=1.47&f=h http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-011.txt.asc http://securitytracker.com/id?1020822 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/mld6.c.diff?r1=1.34%3Br • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 3CVE-2008-1391 – BSD (Multiple Distributions) - 'strfmon()' Integer Overflow
https://notcve.org/view.php?id=CVE-2008-1391
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. Múltiples desbordamientos de entero en libc de NetBSD 4.x, FreeBSD 6.x y 7.x, y posiblemente otras plataformas BSD y Apple Mac OS permiten a atacantes dependientes del contexto ejecutar código de su elección a través de valores de ciertos campos de enteros en el argumento de formato de (1) la función strfmon en lib/libc/stdlib/strfmon.c, en relación a la macro GET_NUMBER; y (2) la función printf, en relación a left_prec y right_prec. • https://www.exploit-db.com/exploits/31550 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/29574 http://secunia.com/advisories/33179 http://securityreason.com/achievement_securityalert/53 http://securityreason.com/securityalert/3770 http://support.apple.com/kb/HT3338 http://www.debian.org/security/2010/dsa-2058 http://www.securityfocus.com/archive/1/490 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1335
https://notcve.org/view.php?id=CVE-2008-1335
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905. La función ipsec4_get_ulp del kernel en las versiones 2.0 a 3.1 de NetBSD y NetBSD-current anterior a 20071028, cuando está habilitado el subsistema fast_ipsec, permite a atacantes remotos saltarse las restricciones de IPsec al enviar paquetes desde una máquina origen con diferente longitud de carácter que la máquina destino, siendo un vulnerabilidad diferente a CVE-2006-0905. • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2008-002.txt.asc http://secunia.com/advisories/29180 http://securitytracker.com/id?1019533 http://www.securityfocus.com/bid/28045 •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 4CVE-2008-1215 – BSD PPP 'pppx.conf' - Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-1215
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. Desbordamiento de búfer basado en pila en la función command_Expand_Interpret de command.c en ppp (aka user-ppp), como se distribuyó en FreeBSD 6.3 y 7.0, OpenBSD 4.1 y 4.2, y el paquete net/userppp para NetBSD, permite a usuarios locales obtener privilegios a través de comandos largos que contienen los caracteres "~". • https://www.exploit-db.com/exploits/31333 http://secunia.com/advisories/29234 http://secunia.com/advisories/29238 http://secunia.com/advisories/29240 http://www.openbsd.org/errata41.html#014_ppp http://www.openbsd.org/errata42.html#009_ppp http://www.securityfocus.com/archive/82/488980/30/0/threaded http://www.securityfocus.com/archive/82/489031/30/0/threaded http://www.securityfocus.com/bid/28090 https://exchange.xforce.ibmcloud.com/vulnerabilities/41034 • CWE-264: Permissions, Privileges, and Access Controls •