CVSS: 10.0EPSS: 96%CPEs: 21EXPL: 6CVE-2011-4862 – FreeBSD - Telnet Service Encryption Key ID Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v1.0.2 y anteriores, y Heimdal v1.5.1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una clave de cifrado larga, como fue explotado en Diciembre 2011. Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd). • https://www.exploit-db.com/exploits/18369 https://www.exploit-db.com/exploits/18368 https://www.exploit-db.com/exploits/18280 https://github.com/hdbreaker/GO-CVE-2011-4862 https://github.com/kpawar2410/CVE-2011-4862 http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 2CVE-2011-4122 – OpenPAM - 'pam_start()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-4122
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass. Una vulnerabilidad de salto de directorio en el archivo openpam_configure.c en OpenPAM anterior a versión r478 en FreeBSD versión 8.1, permite a los usuarios locales cargar DSO arbitrarios y alcanzar privilegios por medio de un .. (punto) en el argumento service_name para la función pam_start, como es demostrado por un .. en la opción -c en kcheckpass. • https://www.exploit-db.com/exploits/36296 http://c-skills.blogspot.com/2011/11/openpam-trickery.html http://openwall.com/lists/oss-security/2011/12/07/3 http://openwall.com/lists/oss-security/2011/12/08/9 http://osvdb.org/76945 http://secunia.com/advisories/46756 http://secunia.com/advisories/46804 http://stealth.openwall.net/xSports/pamslam http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 5%CPEs: 4EXPL: 5CVE-2011-3336 – Libc - 'regcomp()' Stack Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. regcomp en la implementación BSD de libc, es vulnerable a una denegación de servicio debido al agotamiento de la pila. Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp(). • https://www.exploit-db.com/exploits/36288 http://seclists.org/fulldisclosure/2014/Mar/166 http://www.securityfocus.com/bid/50541 https://cxsecurity.com/issue/WLB-2011110082 https://www.securityfocus.com/archive/1/520390 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 2CVE-2011-4062 – FreeBSD - UIPC socket heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2011-4062
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket. Desbordamiento de búfer en la "emulación de Linux" de apoyo en FreeBSD v7.3 y v7.4, v8.1 y v8.2, y v9 antes de v9.0-RC1 permite a usuarios locales provocar una denegación de servicio (pánico) y posiblemente ejecutar código arbitrario mediante una llamada al llamado sistema de vinculación con un largo camino para un socket UNIX-domain, que no se manipula correctamente, cuando la dirección es utilizada por otras llamadas al sistema no especificado. • https://www.exploit-db.com/exploits/17908 http://secunia.com/advisories/46202 http://secunia.com/advisories/46564 http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc http://security.freebsd.org/patches/SA-11:05/unix2.patch http://www.debian.org/security/2011/dsa-2325 http://www.exploit-db.com/exploits/17908 http://www.osvdb.org/75788 http://www.securityfocus.com/bid/49862 http://www.securitytracker.com/id?1026106 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1739
https://notcve.org/view.php?id=CVE-2011-1739
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request. La función makemask en mountd.c en mountd en FreeBSD v7.4 a v8.2 no controla correctamente el campo de una red, la especificación de un bloque CIDR con una longitud de prefijo que no es un múltiplo entero de 8, lo que permite a atacantes remotos evitar las restricciones de acceso previsto en oportunistas circunstancias a través de un montaje de petición NFS. • http://secunia.com/advisories/44307 http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc http://securitytracker.com/id?1025425 http://www.securityfocus.com/bid/47517 http://www.vupen.com/english/advisories/2011/1076 https://exchange.xforce.ibmcloud.com/vulnerabilities/66981 • CWE-20: Improper Input Validation •