CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 3CVE-2008-5736 – FreeBSD 6.4 - Netgraph Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-5736
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets. Múltiples vulnerabilidades sin especificar en FreeBSD 6 antes de 6.4-STABLE, 6.3 antes de 6.3-RELEASE-p7, 6.4 antes de 6.4-RELEASE-p1, 7.0 antes de 7.0-RELEASE-p7, 7.1 antes de 7.1-RC2 y 7 antes de 7.1-PRERELEASE permite a usuarios locales obtener privilegios mediante vectores de ataque desconocidos relacionados con punteros de funciones que "no están correctamente inicializados" para sockets(1) netgraph y (2) bluetooth. • https://www.exploit-db.com/exploits/16951 http://osvdb.org/50936 http://secunia.com/advisories/33209 http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc http://securityreason.com/securityalert/8124 http://www.exploit-db.com/exploits/16951 http://www.securityfocus.com/bid/32976 http://www.securitytracker.com/id?1021491 https://exchange.xforce.ibmcloud.com/vulnerabilities/47570 https://www.exploit-db.com/exploits/7581 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVSS: 9.3EPSS: 2%CPEs: 10EXPL: 0CVE-2008-2476
https://notcve.org/view.php?id=CVE-2008-2476
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). La implementación IPv6 Neighbor Discovery Protocol (NDP) en (1) FreeBSD v6.3 hasta v7.1, (2) OpenBSD v4.2 y v4.3, (3) NetBSD, (4) Force10 FTOS versiones anteriores a vE7.7.1.1, (5) Juniper JUNOS, y (6) Wind River VxWorks 5.x hasta v6.4 no valida los mensaje originales de Neighbor Discovery, lo cual permite a atacantes remotos provocar una denegación de servicio (pérdida de conectividad) o leer tráfico de red privado a través de mensajes falsos que modifica la Forward Information Base (FIB). • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc http://secunia.com/advisories/32112 http://secunia.com/advisories/32116 http://secunia.com/advisories/32117 http://secunia.com/advisories/32133 http://secunia.com/advisories/32406 http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc http://securitytracker.com/id?1020968 http://support.apple.com/kb/HT3467 http://www.kb.cert.org/vuls/id/472363 http://www.kb.cert.org/vuls/id/ • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 1%CPEs: 3EXPL: 0CVE-2008-3530
https://notcve.org/view.php?id=CVE-2008-3530
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message. sys/netinet6/icmp6.c del kernel en FreeBSD 6.3 hasta la 7.1 no comprueba correctamente la nueva MTU propuesta en un paquete ICMPv6 de mensaje demasiado grande, lo cual permite a los atacantes remotos provocar una denegación de servicio (panic) a través de un Paquete manipulado Gran Mensaje. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/31745 http://secunia.com/advisories/32401 http://secunia.com/advisories/35074 http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc http://support.apple.com/kb/HT3467 http://support.apple.com/kb/HT3549 http://www.securityfocus.com/bid/31004 http://www.securitytracker.com/id?1020820 htt • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2008-3531 – FreeBSD 7.0/7.1 - 'vfs.usermount' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-3531
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions." Desbordamiento de búfer basado en pila en sys/kern/vfs_mount.c del núcleo de FreeBSD 7.0 y 7.1, cuando vfs.usermount está habilitado; permite a usuarios locales obtener privilegios a través de una llamada al sistema manipulada a (1) mount o (2) nmount. Está relacionado con la copia de "datos definidos por el usuario" en "determinadas condiciones de error". • https://www.exploit-db.com/exploits/9082 http://security.FreeBSD.org/advisories/FreeBSD-SA-08:08.nmount.asc http://www.securityfocus.com/bid/31002 http://www.securitytracker.com/id?1020816 https://exchange.xforce.ibmcloud.com/vulnerabilities/45143 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •