CVE-2008-1148
https://notcve.org/view.php?id=CVE-2008-1148
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa ADD con 0 saltos aleatorios(también conocido como "algoritmo A0"), usado en OpenBSD de la v3.5 a la 4.2 y NetBSD v1.6.2 a la 4.0, permite a atacantes remotos adivinar datos sensibles como (1)los IDs de una transacción DNS, (2)IDs de una fragmentación IP observando una secuencias generadas previamente. NOTA: este fallo puede ser aprovechado por ataques como el envenenamiento de la cachés DNS, la inyección de paquetes TCP y OS fingerprinting. • http://secunia.com/advisories/28819 http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.securityfocus.com/archive/1/487658 http://www.securityfocus.com/bid/27647 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/40329 https://exchange.xforce.ibmcloud.com/vulnerabilities/41157 •
CVE-2007-0343
https://notcve.org/view.php?id=CVE-2007-0343
OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets. OpenBSD anterior a 20070116 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y agotamiento de CPU) a través de ciertos IPv6 ICMP (también conocido como ICMP6) repitiendo los paquetes de peticiones. • http://secunia.com/advisories/23830 http://securitytracker.com/id?1017518 http://www.openbsd.org/errata.html#icmp6 http://www.openbsd.org/errata39.html#icmp6 http://www.osvdb.org/32935 http://www.securityfocus.com/bid/22087 •
CVE-2006-5218
https://notcve.org/view.php?id=CVE-2006-5218
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. Desbordamiento de entero en la función systrace_preprepl (STRIOCREPLACE) en systrace de OpenBSD 3.9 y NetBSD 3 permite a usuarios locales provocar una denegación de servicio (caída), escalar privilegios, o leer memoria del núcleo de su elección mediante argumentos numéricos muy grandes en la llamada ioctl systrace. • http://openbsd.org/errata.html#systrace http://scary.beasts.org/security/CESA-2006-003.html http://secunia.com/advisories/22324 http://securitytracker.com/id?1017009 http://www.osvdb.org/29570 http://www.securityfocus.com/bid/20392 https://exchange.xforce.ibmcloud.com/vulnerabilities/29392 •
CVE-2006-4435
https://notcve.org/view.php?id=CVE-2006-4435
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. OpenBSD 3.8, 3.9,y posiblemente versiones anteriores permiten a un atacante dependiente del contexto provocar denegación de servicio (kernel panic) destinando mas semaforos que los que hay por defecto. • http://secunia.com/advisories/21642 http://securitytracker.com/id?1016756 http://www.openbsd.org/errata.html#sem http://www.openbsd.org/errata38.html#sem http://www.osvdb.org/28195 http://www.securityfocus.com/bid/19713 https://exchange.xforce.ibmcloud.com/vulnerabilities/28617 •
CVE-2006-4436
https://notcve.org/view.php?id=CVE-2006-4436
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection. isakmpd en OpenBSD 3.8, 3.9, y posiblemente versiones anetriores, crea Asociaciones de Seguridad (Security Associations o SA) con una ventana de respuesta de tamañoñ 0 cuando isakmpd actúa como respondedor durante una negociación SA, lo que permite a atacantes remotos repetir paquetes IPSec y evitar la protección contra repetición. • http://secunia.com/advisories/21652 http://secunia.com/advisories/21905 http://securitytracker.com/id?1016757 http://www.debian.org/security/2006/dsa-1175 http://www.openbsd.org/errata.html#isakmpd http://www.openbsd.org/errata38.html#isakmpd http://www.osvdb.org/28194 http://www.securityfocus.com/bid/19712 https://exchange.xforce.ibmcloud.com/vulnerabilities/28645 •