CVE-2006-4516 – FreeBSD 5.4/6.0 - 'ptrace PT_LWPINFO' Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4516
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call. Error de signo de entero en FreeBSD 6.0-RELEASE permite a usuarios locales propiciar una denegación de servicio (corrupción de memoria y pánico kernel) mediante una órden PT_LWPINFO ptrace con un valor de dato grande y negativo que concuerda con una validación de máximo valor con signo, pero que es usado en la devolución sin signo de una función. • https://www.exploit-db.com/exploits/2524 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=419 http://secunia.com/advisories/22367 http://www.securityfocus.com/bid/20440 https://exchange.xforce.ibmcloud.com/vulnerabilities/29476 •
CVE-2006-4304
https://notcve.org/view.php?id=CVE-2006-4304
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver. Desbordamiento de búfer en el controlador sppp en FreeBSD 4.11 hasta 6.1, NetBSD 2.0 hasta 4.0 beta anterior al 23/08/2006, y OpenBSD 3.8 y 3.9 anterior al 02/09/2006 permite a atacanets remotos provocar una denegación de servicio (panic), obtener información sensible, y posiblemente ejecutar código de su elección mediante paquetes LCP (Link Control Protocol) modificados con una longitud de opciones que excede la longitud total, lo que provoca un desbordamiento en (1) pppoe y (2) ippp. NOTA: este problema fue inicial e incorrectamente reportado para el controlador ppp. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-019.txt.asc http://secunia.com/advisories/21587 http://secunia.com/advisories/21731 http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch http://securitytracker.com/id?1016745 http://www.openbsd.org/errata.html#sppp http://www.openbsd.org/errata38.html#sppp http://www.securityfocus.com/bid/19684 https://exchange.xforce.ibmcloud.com/vulnerabilities •
CVE-2006-2655
https://notcve.org/view.php?id=CVE-2006-2655
The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. • http://secunia.com/advisories/20389 http://security.freebsd.org/advisories/FreeBSD-SA-06:15.ypserv.asc http://securitytracker.com/id?1016193 http://www.osvdb.org/25852 http://www.securityfocus.com/bid/18204 https://exchange.xforce.ibmcloud.com/vulnerabilities/26792 •
CVE-2006-2654
https://notcve.org/view.php?id=CVE-2006-2654
Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. • http://secunia.com/advisories/20390 http://security.freebsd.org/advisories/FreeBSD-SA-06:16.smbfs.asc http://securitytracker.com/id?1016194 http://www.osvdb.org/25851 http://www.securityfocus.com/bid/18202 https://exchange.xforce.ibmcloud.com/vulnerabilities/26860 •
CVE-2006-1283
https://notcve.org/view.php?id=CVE-2006-1283
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. 'opiepasswd' en One-Time Passwords en Everything (OPIE) en FreeBSDE 4.10-RELEASE-p22 a 6.1-STABLE anteriores a 20060322 usa la función "getlogin" para determinar la cuenta de usuario invocante, lo que podría permitir a usuarios locales para configurar acceso de OPIE a la cuenta 'root' y posiblemente ganar privilegios de root si un intérprete de comandos de root es permitido por la configuración del grupo 'wheel' o sshd. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc http://secunia.com/advisories/19347 http://securitytracker.com/id?1015817 http://www.osvdb.org/24067 http://www.securityfocus.com/bid/17194 http://www.vupen.com/english/advisories/2006/1074 https://exchange.xforce.ibmcloud.com/vulnerabilities/25397 •