Page 43 of 345 results (0.016 seconds)

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. Kerberos 5 su (k5su) en FreeBSD 4.5 y anteriores no verifican que el usuario sea miembro del grupo antes de otorgarle privilegios de superusuario, de modo podría permitir a usuarios no autorizados la ejecución de comandos como root. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc http://www.iss.net/security_center/static/9125.php http://www.osvdb.org/4893 http://www.securityfocus.com/bid/4777 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1

The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc http://www.iss.net/security_center/static/9217.php http://www.osvdb.org/5083 http://www.securityfocus.com/bid/4880 •

CVSS: 10.0EPSS: 82%CPEs: 10EXPL: 4

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P http://archives.neohapsis.com/archives/aix/2002-q4/0002.html http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html http://archives.neohapsis.com/archives/hp/2002-q3/0077.html http://bvl • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0047.html http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16 http://marc.info/?l=bugtraq&m=102979180524452&w=2 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. ktrace en sistemas opertativos basados en BSD permite al propietario de un proceso con privilegios especiales trazar el proceso después de que sus privilegios han sido bajados, lo que puede permitir al propietario obtener información sensible que el proceso obtuviera mientras corría con privilegios extra. • http://marc.info/?l=bugtraq&m=102650797504351&w=2 http://www.iss.net/security_center/static/9474.php http://www.openbsd.org/errata.html#ktrace http://www.securityfocus.com/bid/5133 •