CVE-2009-1436 – FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure
https://notcve.org/view.php?id=CVE-2009-1436
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. La interfaz de base de datos en libc en FreeBSD 6.3, 6.4, 7.0, 7.1, y 7.2-PRERELEASE no inicializa correctamente la memoria para las estructuras de la base de datos Berkeley DB v1.85, lo cual permite a usuarios locales obtener información sensible mediante la lectura de un archivo de base de datos. • https://www.exploit-db.com/exploits/32946 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756 http://osvdb.org/53918 http://secunia.com/advisories/34810 http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc http://www.securityfocus.com/bid/34666 http://www.securitytracker.com/id?1022113 • CWE-20: Improper Input Validation •
CVE-2009-1041 – FreeBSD 7.0/7.1 - 'ktimer' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-1041
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. La funcionalidad ktimer (sys/kern/kern_time.c) de FreeBSD v7.0, v7.1 y v7.2, permite a usuarios locales sobrescribir a su elección la memoria del kernel a través de un valor timer fuera de rango. • https://www.exploit-db.com/exploits/8261 http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc http://www.securityfocus.com/bid/34196 http://www.securitytracker.com/id?1021882 https://exchange.xforce.ibmcloud.com/vulnerabilities/49362 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0641 – FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0641
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. sys_term.c en telnetd en FreeBSD v7.0-RELEASE y otras v7.x borra variables de entorno peligrosas con un método que solo fue valido en distribuciones antiguas de FreeBSD, lo que permite a atacantes remotos ejecutar código de su elección a través de un cliente de telnet de una variable de entorno manipulada, como se demuestra mediante el valor LD_PRELOAD que hace referencia a una librería maliciosa. • https://www.exploit-db.com/exploits/8055 http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc http://www.securityfocus.com/bid/33777 https://exchange.xforce.ibmcloud.com/vulnerabilities/48780 • CWE-16: Configuration CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5736 – FreeBSD 6.4 - Netgraph Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-5736
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets. Múltiples vulnerabilidades sin especificar en FreeBSD 6 antes de 6.4-STABLE, 6.3 antes de 6.3-RELEASE-p7, 6.4 antes de 6.4-RELEASE-p1, 7.0 antes de 7.0-RELEASE-p7, 7.1 antes de 7.1-RC2 y 7 antes de 7.1-PRERELEASE permite a usuarios locales obtener privilegios mediante vectores de ataque desconocidos relacionados con punteros de funciones que "no están correctamente inicializados" para sockets(1) netgraph y (2) bluetooth. • https://www.exploit-db.com/exploits/16951 http://osvdb.org/50936 http://secunia.com/advisories/33209 http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc http://securityreason.com/securityalert/8124 http://www.exploit-db.com/exploits/16951 http://www.securityfocus.com/bid/32976 http://www.securitytracker.com/id?1021491 https://exchange.xforce.ibmcloud.com/vulnerabilities/47570 https://www.exploit-db.com/exploits/7581 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •