CVE-2004-0602
https://notcve.org/view.php?id=CVE-2004-0602
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. El modo de compatibilidad binaria de FreeBSD 4.x y 5.x no maneja adecuadamente ciertas llamadas al sistema de Linux, lo que podría permitir a usuarios locales acceder a memoria del kernel para ganar privilegios o causar un pánico de sistema. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:13.linux.asc http://www.securityfocus.com/bid/10643 https://exchange.xforce.ibmcloud.com/vulnerabilities/16558 •
CVE-2004-0125
https://notcve.org/view.php?id=CVE-2004-0125
The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. La llamada de sistema jail en FreeBSD 4.x anterior a 4.10-RELEASE no verifica que un intento de manipular tablas de encaminamiento provenga de un proceso no enjaulado, lo que podría permitir a usuarios locales modificar la tabla de encaminamiento. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jailroute.asc http://www.securityfocus.com/bid/10485 https://exchange.xforce.ibmcloud.com/vulnerabilities/16342 •
CVE-2004-0435
https://notcve.org/view.php?id=CVE-2004-0435
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. Ciertos "errores de programacíón" en la llamada al sistema msync de FreeBSD 5.2.1 y anteriores y 4.10 y anteriores, no maneja adecuadamente la operación MS_INVALIDATE, lo que lleva a problemas de consistencia de caché que permiten al usuario local impedir que ciertos cambios en ficheros se lleven a cabo en el disco. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc http://secunia.com/advisories/11714 http://www.securityfocus.com/bid/10416 https://exchange.xforce.ibmcloud.com/vulnerabilities/16254 •
CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •
CVE-2004-0112
https://notcve.org/view.php?id=CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http: • CWE-125: Out-of-bounds Read •