Page 30 of 341 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 2

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. • http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/24037 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session. El algoritmo AES-XCBC-MACen IPsec en FreeBSD 5.3 y 5.4, cuando se usa para autentificación sin otra encriptación, usa una clave constante (en vez de la que asigne el administrador del sistema). Esto puede permitir que atacantes remotos establezcan una sesión IPsec. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc http://secunia.com/advisories/16244 http://securitytracker.com/id?1014586 http://www.securityfocus.com/bid/14394 https://exchange.xforce.ibmcloud.com/vulnerabilities/21551 •

CVSS: 7.2EPSS: 0%CPEs: 21EXPL: 0

The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. El sistema de ficheros de dispositivos en FreeBSD 5.x no comprueba adecuadamente los parámetros del tipo de nodo cuando crea un nodo de dispositivo, lo que hace que dispositivos ocultos estén disponibles a tacantes (quienes pueden por tanto sortear restricciones en ciertos procesos). • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc http://secunia.com/advisories/16145 http://securitytracker.com/id?1014536 http://www.osvdb.org/18123 http://www.securityfocus.com/bid/14334 https://exchange.xforce.ibmcloud.com/vulnerabilities/21451 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc •

CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0

FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc •