CVE-2001-0247 – FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0247
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. • https://www.exploit-db.com/exploits/20731 https://www.exploit-db.com/exploits/20732 https://www.exploit-db.com/exploits/20733 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P http://archives.neohapsis.com/archives/freebsd/2001-04/0466.html http://www.cert.org/advisories/CA-2001-07.html http://www.nai.com/research/covert/advisories/048.asp http://www.securityfocus.com •
CVE-2000-0916 – Linux Kernel 2.2 - Predictable TCP Initial Sequence Number
https://notcve.org/view.php?id=CVE-2000-0916
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. • https://www.exploit-db.com/exploits/19522 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc http://www.securityfocus.com/bid/1766 •
CVE-2000-0461
https://notcve.org/view.php?id=CVE-2000-0461
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc http://www.openbsd.org/errata26.html#semconfig http://www.securityfocus.com/bid/1270 •
CVE-1999-0761
https://notcve.org/view.php?id=CVE-1999-0761
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program. • http://www.osvdb.org/1074 http://www.securityfocus.com/bid/644 •
CVE-1999-0001
https://notcve.org/view.php?id=CVE-1999-0001
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. ip_input.c en implementaciones de TCP/IP derivadas de BSD permiten a atacantes remotos causar una denegación de servicio (cuelgue o caída) mediante paquetes artesanales. • http://www.openbsd.org/errata23.html#tcpfix http://www.osvdb.org/5707 • CWE-20: Improper Input Validation •