CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2006-6164
https://notcve.org/view.php?id=CVE-2006-6164
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges. La función _dl_unsetenv en loader.c en el ELF ld.so en OpenBSD 3.9 y 4.0 no borra adecuadamente variables de entorno duplicadas, lo cual permite a usuarios locales pasar variables peligrosas como LD_PRELOAD a procesos de carga, lo cual puede ser utilizado para obtener privilegios. • http://secunia.com/advisories/22993 http://securitytracker.com/id?1017253 http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2 http://www.openbsd.org/errata.html#ldso http://www.openbsd.org/errata39.html#ldso http://www.securityfocus.com/archive/1/452371/100/0/threaded http://www.securityfocus.com/archive/1/452428/100/0/threaded http://www.securityfocus.com/bid/21188 https://exchange.xforce.ibmcloud.com/vulnerabilities/30441 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 3CVE-2006-5550 – FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service
https://notcve.org/view.php?id=CVE-2006-5550
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. El núcleo en FreeBSD 6.1 y OpenBSD 4.0 permite a usuarios locales provocar una denegación de servicio mediante vectores sin especificar relativas a peticiones concretas ioctl al /dev/crypto. • https://www.exploit-db.com/exploits/2639 http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html http://secunia.com/advisories/22543 http://www.securityfocus.com/bid/20713 •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 1CVE-2006-5218
https://notcve.org/view.php?id=CVE-2006-5218
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. Desbordamiento de entero en la función systrace_preprepl (STRIOCREPLACE) en systrace de OpenBSD 3.9 y NetBSD 3 permite a usuarios locales provocar una denegación de servicio (caída), escalar privilegios, o leer memoria del núcleo de su elección mediante argumentos numéricos muy grandes en la llamada ioctl systrace. • http://openbsd.org/errata.html#systrace http://scary.beasts.org/security/CESA-2006-003.html http://secunia.com/advisories/22324 http://securitytracker.com/id?1017009 http://www.osvdb.org/29570 http://www.securityfocus.com/bid/20392 https://exchange.xforce.ibmcloud.com/vulnerabilities/29392 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4435
https://notcve.org/view.php?id=CVE-2006-4435
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. OpenBSD 3.8, 3.9,y posiblemente versiones anteriores permiten a un atacante dependiente del contexto provocar denegación de servicio (kernel panic) destinando mas semaforos que los que hay por defecto. • http://secunia.com/advisories/21642 http://securitytracker.com/id?1016756 http://www.openbsd.org/errata.html#sem http://www.openbsd.org/errata38.html#sem http://www.osvdb.org/28195 http://www.securityfocus.com/bid/19713 https://exchange.xforce.ibmcloud.com/vulnerabilities/28617 •
CVSS: 5.0EPSS: 9%CPEs: 2EXPL: 0CVE-2006-4436
https://notcve.org/view.php?id=CVE-2006-4436
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection. isakmpd en OpenBSD 3.8, 3.9, y posiblemente versiones anetriores, crea Asociaciones de Seguridad (Security Associations o SA) con una ventana de respuesta de tamañoñ 0 cuando isakmpd actúa como respondedor durante una negociación SA, lo que permite a atacantes remotos repetir paquetes IPSec y evitar la protección contra repetición. • http://secunia.com/advisories/21652 http://secunia.com/advisories/21905 http://securitytracker.com/id?1016757 http://www.debian.org/security/2006/dsa-1175 http://www.openbsd.org/errata.html#isakmpd http://www.openbsd.org/errata38.html#isakmpd http://www.osvdb.org/28194 http://www.securityfocus.com/bid/19712 https://exchange.xforce.ibmcloud.com/vulnerabilities/28645 •