CVE-2005-0708 – FreeBSD-SA-05:02.sendfile Exploit
https://notcve.org/view.php?id=CVE-2005-0708
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. • https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc •
CVE-2005-0109
https://notcve.org/view.php?id=CVE-2005-0109
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2 http://marc.info/?l=freebsd-security&m=110994370429609&w=2 http://marc.info/?l=openbsd-misc&m=110995101417256&w=2 http://secunia.com/advisories/15348 http://secunia.com/advisories/18165 http://securitytracker.com/id?1013967 http://sunsolve.sun.com/search/document.do? •
CVE-2004-1471 – CVS 1.11.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. • https://www.exploit-db.com/exploits/24182 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:14.cvs.asc http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html http://security.e-matters.de/advisories/092004.html http://www.securityfocus.com/bid/10499 https://exchange.xforce.ibmcloud.com/vulnerabilities/16365 •
CVE-2004-1066
https://notcve.org/view.php?id=CVE-2004-1066
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future. Los pseudoficheros cmdline en procfs en FreeBSD 4.8 a 5.3, y linprocfs en FreeBSD 5.x a 5.3 no validan adecuadamente un vector de argumento de proceso, lo que permite a usuarios locales causar una denegación de servicio (pánico) o leer porciones de memoria del kernle. NOTA: Esta candidata puede ser separada en dos vulnerabilidades en el futuro. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc https://exchange.xforce.ibmcloud.com/vulnerabilities/18321 •
CVE-2004-0602
https://notcve.org/view.php?id=CVE-2004-0602
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. El modo de compatibilidad binaria de FreeBSD 4.x y 5.x no maneja adecuadamente ciertas llamadas al sistema de Linux, lo que podría permitir a usuarios locales acceder a memoria del kernel para ganar privilegios o causar un pánico de sistema. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc http://www.securityfocus.com/bid/10643 https://exchange.xforce.ibmcloud.com/vulnerabilities/16558 •