CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0701
https://notcve.org/view.php?id=CVE-2002-0701
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. ktrace en sistemas opertativos basados en BSD permite al propietario de un proceso con privilegios especiales trazar el proceso después de que sus privilegios han sido bajados, lo que puede permitir al propietario obtener información sensible que el proceso obtuviera mientras corría con privilegios extra. • http://marc.info/?l=bugtraq&m=102650797504351&w=2 http://www.iss.net/security_center/static/9474.php http://www.openbsd.org/errata.html#ktrace http://www.securityfocus.com/bid/5133 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0574
https://notcve.org/view.php?id=CVE-2002-0574
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc http://www.iss.net/security_center/static/8893.php http://www.osvdb.org/5232 http://www.securityfocus.com/bid/4539 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2002-0381
https://notcve.org/view.php?id=CVE-2002-0381
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. • ftp://patches.sgi.com/support/free/security/advisories/20030604-01-I http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137 http://online.securityfocus.com/archive/1/262733 http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022 http://www.iss.net/security_center/static/8485.php http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110 http://www.osvdb.org/5308 http://www.securityfocus.com/bi •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 3CVE-2002-0572 – Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure
https://notcve.org/view.php?id=CVE-2002-0572
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. • https://www.exploit-db.com/exploits/21407 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html http://online.securityfocus.com/archive/1/268970 http://online.securityfocus.com/archive/1/269102 http://www.ciac.org/ciac/bulletins/m-072.shtml http://www.iss.net/security_center/static/8920.php http://www.kb.cert.org/vuls/id/809347 http://www.osvdb.org/6095 http://www.secu •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2002-0518
https://notcve.org/view.php?id=CVE-2002-0518
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. Los mecanismos SYN cache (syncache) y SYN cookie (syncookie) en FreeBSD 4.5 y anteriores, permite a atacantes remotos provocar la Denegación de Servicios (por caida) por algunos de los siguiente métodos: mediante un paquete SYN aceptado utilizando syncookies, que provoca que las opciones TCP del conector (socket) referencien a un puntero nulo. eliminando y reiniciando un proceso que espera en el mismo conector (socket) que no eliminó adecuadamente el contenido anterior del puntero inpcb en el reinicio. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc http://www.iss.net/security_center/static/8873.php http://www.iss.net/security_center/static/8875.php http://www.osvdb.org/6046 http://www.securityfocus.com/bid/4524 •