CVSS: 4.6EPSS: 0%CPEs: 30EXPL: 1CVE-2009-2793 – NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2793
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignación de la instrucción "iret", lo que permitiría a usuarios locales conseguir privilegios a través de vectores relacionados con la variable de pseudocódigo tempEIP que esta fuera de los limites de segmento de código. • https://www.exploit-db.com/exploits/33229 http://www.securityfocus.com/archive/1/506531/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2008-3584
https://notcve.org/view.php?id=CVE-2008-3584
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet. NetBSD 3.0, 3.1, y 4.0, cuando una instancia pppoe existe, no chequea correctamente la etiqueta de la longitud del paquete PPPoE, el cual permite a los atacantes remotos causar una denegación de servicio (caída del sistema) a través de un paquete PPPoE manipulado. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-010.txt.asc http://secunia.com/advisories/31597 http://support.apple.com/kb/HT3467 http://www.securityfocus.com/bid/30838 http://www.securitytracker.com/id?1020749 http://www.vupen.com/english/advisories/2009/0633 https://exchange.xforce.ibmcloud.com/vulnerabilities/44679 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1335
https://notcve.org/view.php?id=CVE-2008-1335
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905. La función ipsec4_get_ulp del kernel en las versiones 2.0 a 3.1 de NetBSD y NetBSD-current anterior a 20071028, cuando está habilitado el subsistema fast_ipsec, permite a atacantes remotos saltarse las restricciones de IPsec al enviar paquetes desde una máquina origen con diferente longitud de carácter que la máquina destino, siendo un vulnerabilidad diferente a CVE-2006-0905. • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2008-002.txt.asc http://secunia.com/advisories/29180 http://securitytracker.com/id?1019533 http://www.securityfocus.com/bid/28045 •
CVSS: 6.8EPSS: 1%CPEs: 198EXPL: 0CVE-2008-1147
https://notcve.org/view.php?id=CVE-2008-1147
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 2-bit (también conocido com o"algoritmo X2"), usado en OpenBSD de la v2.6 a la 3.4, Mac OS X de la v10 a a 10.5.1, FreeBSD 4.4 a la 7.0 y DragonFlyBSD 1.0 a la 1.10.1, permite a atacantes remotos adivinar datos sensibles como los IDs de una fragmentación IP observando una secuencia generada previamente. NOTA: este fallo puede ser aprovechado por ataques como la inyección de paquetes TCP y OS fingerprinting. • http://seclists.org/bugtraq/2008/Feb/0052.html http://seclists.org/bugtraq/2008/Feb/0063.html http://secunia.com/advisories/28819 http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10%3Bcontenttype= http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.securityfocus.com/archive/1/487658 http://www.securityfocus.com/bid/27647 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf https://e •