CVE-2003-0466 – FreeBSD 4.8 - 'realpath()' Off-by-One Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0466
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
• https://www.exploit-db.com/exploits/22976
• https://www.exploit-db.com/exploits/78
• https://www.exploit-db.com/exploits/74
• https://www.exploit-db.com/exploits/22974
• https://www.exploit-db.com/exploits/22975
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc
• http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html
• http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01
• http://isec.pl/vulnerabilities/isec-0011-wu
• CWE-193: Off-by-one Error
CVE-2002-1476
https://notcve.org/view.php?id=CVE-2002-1476
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc
• http://www.iss.net/security_center/static/10159.php
• http://www.osvdb.org/7565
• http://www.securityfocus.com/bid/5724
CVE-2002-1490
https://notcve.org/view.php?id=CVE-2002-1490
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc
• http://www.iss.net/security_center/static/10115.php
• http://www.osvdb.org/7566
• http://www.securityfocus.com/bid/5722
CVE-2002-1543
https://notcve.org/view.php?id=CVE-2002-1543
Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input.
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc
• http://www.iss.net/security_center/static/10458.php
• http://www.osvdb.org/7570
• http://www.securityfocus.com/bid/6036
CVE-2002-1500
https://notcve.org/view.php?id=CVE-2002-1500
Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
• http://www.iss.net/security_center/static/10114.php
• http://www.securityfocus.com/bid/5727