CVE-2016-1885 – FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow
https://notcve.org/view.php?id=CVE-2016-1885
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
• https://www.exploit-db.com/exploits/39570
• http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html
• http://seclists.org/fulldisclosure/2016/Mar/56
• http://seclists.org/fulldisclosure/2016/Mar/67
• http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow
• http://www.securityfocus.com/archive/1/537812/100/0/threaded
• http://www.securityfocus.com/archive/1/537813/100/0/threaded
• http://www.securitytracker.com/id/1035309
• https://security.Free
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7977 – ntp: restriction list NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-7977
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce
• CWE-476: NULL Pointer Dereference
CVE-2016-1883
https://notcve.org/view.php?id=CVE-2016-1883
The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.
• http://www.securitytracker.com/id/1034872
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-7973
https://notcve.org/view.php?id=CVE-2015-7973
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
• http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08
• CWE-254: 7PK - Security Features
CVE-2015-5677 – FreeBSD bsnmpd Information Disclosure
https://notcve.org/view.php?id=CVE-2015-5677
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.
FreeBSD suffers from a bsnmpd information disclosure vulnerability.
• http://www.securitytracker.com/id/1034678
• https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor