CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 1CVE-2003-1366 – OpenBSD 2.x/3.x - CHPass Temporary File Link File Content Revealing
https://notcve.org/view.php?id=CVE-2003-1366
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. • https://www.exploit-db.com/exploits/22210 http://securityreason.com/securityalert/3238 http://www.epita.fr/~bevand_m/asa/asa-0001 http://www.securityfocus.com/archive/1/309962 http://www.securityfocus.com/bid/6748 http://www.securitytracker.com/id?1006035 https://exchange.xforce.ibmcloud.com/vulnerabilities/11233 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 3CVE-2003-0955 – OpenBSD - 'ibcs2_exec' Kernel Code Execution
https://notcve.org/view.php?id=CVE-2003-0955
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow. El Kernel OpenBSD 3.3 y 3.4 permite que usuarios locales causen una denegación de servicio (kernel panic) y posiblemente ejecuten código arbitrario en 3.4 mediante un programa con una cabecera inválida. Esto no lo maneja adecuadamente en (1) bcs2_exec.c o (2) exec_elf.c, que lleva a un desbordamiento de búfer. • https://www.exploit-db.com/exploits/118 https://www.exploit-db.com/exploits/125 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013315.html http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2 http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2 http://www.guninski.com/msuxobsd2.html http://www.openbsd.org/errata33.html http://www.securityfocus.com/bid/ •
CVSS: 5.0EPSS: 1%CPEs: 33EXPL: 0CVE-2003-0804
https://notcve.org/view.php?id=CVE-2003-0804
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. La función asplookup en FreeBSD 5.1 y anteriores, Max OS X anteriores a 10.2.8, y posiblemente otros sistemas basados en BSD, permite a atacantes remotos en una subred local causar una denegación de servicio (agotamiento de recursos y pánico) mediante una inundación de peticiones ARP suplantadas. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc http://docs.info.apple.com/article.html?artnum=61798 •
CVSS: 7.5EPSS: 0%CPEs: 105EXPL: 1CVE-2003-0681 – Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0681
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Un "desbordamiento de búfer potencial en el análisis de reglas" (ruleset parsing) en Sendmail 8.12.9 cuando se usan los conjuntos de reglas no estándar: (1) receptor, (2) final, o (3) receptores de envoltorio específicos del enviador de correo, tienen consecuencias desconocidas. • https://www.exploit-db.com/exploits/23154 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 http://marc.info/?l=bugtraq&m=106383437615742&w=2 http://marc.info/?l=bugtraq&m=106398718909274&w=2 http://www.debian.org/security/2003/dsa-384 http://www.kb.cert.org/vuls/id/108964 http://www.mandriva.com/security/advisories?name=MDKSA-2003:092 http://www.redhat.com/support/errata/RHSA-2003-283.html http://www.securityfocus.com/bid/8649 http://www •
CVSS: 5.0EPSS: 12%CPEs: 26EXPL: 0CVE-2003-0688
https://notcve.org/view.php?id=CVE-2003-0688
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. • ftp://patches.sgi.com/support/free/security/advisories/20030803-01-P http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000727 http://www.kb.cert.org/vuls/id/993452 http://www.mandriva.com/security/advisories?name=MDKSA-2003:086 http://www.novell.com/linux/security/advisories/2003_035_sendmail.html http://www.redhat.com/support/errata/RHSA-2003-265.html http://www.sendmail.org/dnsmap1.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef •