CVE-2010-0561
https://notcve.org/view.php?id=CVE-2010-0561
Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c). Error de presencia de signo entero en NetBSD v4.0, v5.0, y NetBSD-current anterior a 2010-01-21, permite a usuarios locales provocar una denegación de servicio (kernel panic) a través de una mezcla negativa de números indexados que son pasados a (1) la función azalia_query_devinfo en el controlador de audio azalia (src/sys/dev/pci/azalia.c) o (2) la función hdaudio_afg_query_devinfo en el controlador de audio (src/sys/dev/pci/hdaudio/hdaudio_afg.c). • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-003.txt.asc http://osvdb.org/62081 http://osvdb.org/62082 http://secunia.com/advisories/38284 http://www.securityfocus.com/bid/38057 http://www.securitytracker.com/id?1023539 • CWE-189: Numeric Errors •
CVE-2009-2793 – NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2793
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignación de la instrucción "iret", lo que permitiría a usuarios locales conseguir privilegios a través de vectores relacionados con la variable de pseudocódigo tempEIP que esta fuera de los limites de segmento de código. • https://www.exploit-db.com/exploits/33229 http://www.securityfocus.com/archive/1/506531/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-2483
https://notcve.org/view.php?id=CVE-2009-2483
libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. libprop/prop_object.c en proplib en NetBSD v4.0 y v4.0.1 permite a los usuarios locales causar una denegación de servicio (puntero NULO desreferenciado y pánico del kernel) a través de un plist externalizada malformada (formulario XML) conteniendo un elemento no definido. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-003.txt.asc http://osvdb.org/55285 http://secunia.com/advisories/35556 http://www.securityfocus.com/bid/35466 http://www.securitytracker.com/id?1022431 https://exchange.xforce.ibmcloud.com/vulnerabilities/51311 • CWE-189: Numeric Errors •
CVE-2009-2482
https://notcve.org/view.php?id=CVE-2009-2482
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. El módulo pam_unix en OpenPAM en NetBSD v4.0 anteriores a v4.0.2 y v5.0 anteriores a v5.0.1 permite a los usuarios locales cambiar la contraseña de administrador actual si ya se conoce, aún cuando no están en el grupo "wheel ". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc http://osvdb.org/55284 http://secunia.com/advisories/35553 http://www.securityfocus.com/bid/35465 http://www.securitytracker.com/id?1022432 https://exchange.xforce.ibmcloud.com/vulnerabilities/51312 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •