Page 5 of 60 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

31 Dec 2005 — NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-013.txt.asc •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

31 Dec 2005 — kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. • http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c •

CVSS: 5.5EPSS: 0%CPEs: 80EXPL: 2

31 Dec 2005 — The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." The implementations of securelevels on NetBSD and Linux contain an integer overflow, allowing the protection of system time to ... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html •

CVSS: 8.2EPSS: 19%CPEs: 58EXPL: 0

02 Dec 2003 — ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. ISC BIND 8.3.x antes de 8.3.7, y 8.4.x antes de 8.4.3 permite a atacantes remotos envenenar la cache mediante un servidor de nombres malicioso que devuelve respuestas negativas con un valor TTL (time to live) largo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt •

CVSS: 9.8EPSS: 12%CPEs: 105EXPL: 1

18 Sep 2003 — A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Un "desbordamiento de búfer potencial en el análisis de reglas" (ruleset parsing) en Sendmail 8.12.9 cuando se usan los conjuntos de reglas no estándar: (1) receptor, (2) final, o (3) receptores de envoltorio específicos del enviador de correo, tienen consecuencias desconocidas. • https://www.exploit-db.com/exploits/23154 •

CVSS: 10.0EPSS: 76%CPEs: 163EXPL: 1

18 Sep 2003 — The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. La función de prescan en Sendmail 8.12.9 permite a atacantes remotos ejecutar código arbitrario mediante ataques de desbordamiento de búfer, como se demostró usando la función parseaddr en parseaddr.c. • https://packetstorm.news/files/id/180502 •

CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0

31 Dec 2002 — tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. • http://online.securityfocus.com/archive/1/283033 • CWE-667: Improper Locking •

CVSS: 7.0EPSS: 0%CPEs: 52EXPL: 0

31 Dec 2002 — Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc •

CVSS: 10.0EPSS: 27%CPEs: 87EXPL: 3

14 Aug 2001 — Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. The Netkit telnetd implementation shipped with Debian Linux appears to be lacking the AYT vulnerability patch. This exposes the platform to a remote root problem discovered by scut of TESO back in 2001. • https://www.exploit-db.com/exploits/21018 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 2

09 Aug 1999 — The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. • https://www.exploit-db.com/exploits/19447 •