CVE-2008-2476
https://notcve.org/view.php?id=CVE-2008-2476
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). La implementación IPv6 Neighbor Discovery Protocol (NDP) en (1) FreeBSD v6.3 hasta v7.1, (2) OpenBSD v4.2 y v4.3, (3) NetBSD, (4) Force10 FTOS versiones anteriores a vE7.7.1.1, (5) Juniper JUNOS, y (6) Wind River VxWorks 5.x hasta v6.4 no valida los mensaje originales de Neighbor Discovery, lo cual permite a atacantes remotos provocar una denegación de servicio (pérdida de conectividad) o leer tráfico de red privado a través de mensajes falsos que modifica la Forward Information Base (FIB). • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc http://secunia.com/advisories/32112 http://secunia.com/advisories/32116 http://secunia.com/advisories/32117 http://secunia.com/advisories/32133 http://secunia.com/advisories/32406 http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc http://securitytracker.com/id?1020968 http://support.apple.com/kb/HT3467 http://www.kb.cert.org/vuls/id/472363 http://www.kb.cert.org/vuls/id/ • CWE-20: Improper Input Validation •
CVE-2008-3530
https://notcve.org/view.php?id=CVE-2008-3530
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message. sys/netinet6/icmp6.c del kernel en FreeBSD 6.3 hasta la 7.1 no comprueba correctamente la nueva MTU propuesta en un paquete ICMPv6 de mensaje demasiado grande, lo cual permite a los atacantes remotos provocar una denegación de servicio (panic) a través de un Paquete manipulado Gran Mensaje. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/31745 http://secunia.com/advisories/32401 http://secunia.com/advisories/35074 http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc http://support.apple.com/kb/HT3467 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/31004 http://www.securitytracker.com/id?1020820 htt • CWE-20: Improper Input Validation •
CVE-2008-3890
https://notcve.org/view.php?id=CVE-2008-3890
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call. El kernel de FreeBSD 6.3 hasta 7.0 en las plataformas de amd64 , puede hacer excesivas llamadas swapgs después de un Fallo General de Protección -General Protection Fault (GPF)-; esto permite a usuarios locales obtener privilegios provocando un Fallo General de Protección durante el regreso del kernel desde (1) una interrupción, (2) un paso del proceso de modo de usuario a modo kernel, o (3) una llamada al sistema. • http://secunia.com/advisories/31743 http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc http://www.securityfocus.com/bid/31003 http://www.securitytracker.com/id?1020815 https://exchange.xforce.ibmcloud.com/vulnerabilities/44905 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-1391 – BSD (Multiple Distributions) - 'strfmon()' Integer Overflow
https://notcve.org/view.php?id=CVE-2008-1391
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. Múltiples desbordamientos de entero en libc de NetBSD 4.x, FreeBSD 6.x y 7.x, y posiblemente otras plataformas BSD y Apple Mac OS permiten a atacantes dependientes del contexto ejecutar código de su elección a través de valores de ciertos campos de enteros en el argumento de formato de (1) la función strfmon en lib/libc/stdlib/strfmon.c, en relación a la macro GET_NUMBER; y (2) la función printf, en relación a left_prec y right_prec. • https://www.exploit-db.com/exploits/31550 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/29574 http://secunia.com/advisories/33179 http://securityreason.com/achievement_securityalert/53 http://securityreason.com/securityalert/3770 http://support.apple.com/kb/HT3338 http://www.debian.org/security/2010/dsa-2058 http://www.securityfocus.com/archive/1/490 • CWE-189: Numeric Errors •
CVE-2008-1215 – BSD PPP 'pppx.conf' - Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-1215
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. Desbordamiento de búfer basado en pila en la función command_Expand_Interpret de command.c en ppp (aka user-ppp), como se distribuyó en FreeBSD 6.3 y 7.0, OpenBSD 4.1 y 4.2, y el paquete net/userppp para NetBSD, permite a usuarios locales obtener privilegios a través de comandos largos que contienen los caracteres "~". • https://www.exploit-db.com/exploits/31333 http://secunia.com/advisories/29234 http://secunia.com/advisories/29238 http://secunia.com/advisories/29240 http://www.openbsd.org/errata41.html#014_ppp http://www.openbsd.org/errata42.html#009_ppp http://www.securityfocus.com/archive/82/488980/30/0/threaded http://www.securityfocus.com/archive/82/489031/30/0/threaded http://www.securityfocus.com/bid/28090 https://exchange.xforce.ibmcloud.com/vulnerabilities/41034 • CWE-264: Permissions, Privileges, and Access Controls •