CVE-2006-1587
https://notcve.org/view.php?id=CVE-2006-1587
NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file. • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-007.txt.asc http://secunia.com/advisories/19465 http://securitytracker.com/id?1015847 http://www.osvdb.org/24258 https://exchange.xforce.ibmcloud.com/vulnerabilities/25581 •
CVE-2006-1588
https://notcve.org/view.php?id=CVE-2006-1588
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory. • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc http://secunia.com/advisories/19464 http://securitytracker.com/id?1015846 http://www.osvdb.org/24262 http://www.securityfocus.com/bid/17312 https://exchange.xforce.ibmcloud.com/vulnerabilities/25582 •
CVE-2006-0145
https://notcve.org/view.php?id=CVE-2006-0145
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-001.txt.asc http://secunia.com/advisories/18388 http://secunia.com/advisories/18712 http://securityreason.com/securityalert/405 http://www.osvdb.org/22293 http://www.securityfocus.com/archive/1/423827/100/0/threaded http://www.securityfocus.com/bid/16173 http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html https://exchange.xforce.ibmcloud.com/vulnerabilities/24035 •
CVE-2005-4691
https://notcve.org/view.php?id=CVE-2005-4691
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-009.txt.asc http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html http://mail-index.netbsd.org/source-changes/2005/09/12/0043.html http://securitytracker.com/id?1015132 http://www.osvdb.org/20731 http://www.securityfocus.com/bid/15263 •
CVE-2005-4776
https://notcve.org/view.php?id=CVE-2005-4776
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc http://mail-index.netbsd.org/source-changes/2005/09/13/0024.html http://www.osvdb.org/20757 •