NotCVE - vendor:"Netbsd" product:"Netbsd" version:"3.1"

Page 5 of 44 results (0.011 seconds)

CVSS: 6.8EPSS: 1%CPEs: 198EXPL: 0

CVE-2008-1146

https://notcve.org/view.php?id=CVE-2008-1146

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND. Cierto algoritmo generador de números pseudo-aleatorios(PRNG) que usa XOR y alterna en saltos de 3-bit (también conocido com o"algoritmo X3"), usado en OpenBSD de la v2.8 a la 4.2, permite a atacantes remotos adivinar datos sensibles como los IDs de una transacción DNS, observando una secuencia de datos generada previamente. NOTA: esta cuestión puede ser aprovechado por ataques como el envenenamiento de la caché DNS contra la modificación BIND en OpenBDS. • http://secunia.com/advisories/28819 http://www.securiteam.com/securityreviews/5PP0H0UNGW.html http://www.securityfocus.com/archive/1/487658 http://www.securityfocus.com/bid/27647 http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/40329 •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-3654

https://notcve.org/view.php?id=CVE-2007-3654

The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function. El controlador de display de las funciones allocattr en NetBSD 3.0 hasta la 4.0_BETA2, y NetBSD-actual anterior a 20070728, permite a usuarios locales provocar denegación de servicio (panic) a través de un valor negativo o largo en una llamada ioctl, como se demostró con la función vga_allocattr. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-006.txt.asc http://osvdb.org/40810 http://www.securityfocus.com/bid/25682 http://www.securitytracker.com/id?1018693 https://exchange.xforce.ibmcloud.com/vulnerabilities/36598 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 14%CPEs: 9EXPL: 0

CVE-2007-2242 – IPv6 routing headers issue

https://notcve.org/view.php?id=CVE-2007-2242

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. El protocolo IPv6 permite a atacantes remotos provocar una denegación de servicio mediante cabeceras IPv6 de enrutamiento de tipo 0 (IPV6_RTHDR_TYPE_0) lo cual provoca amplificación de la red entre dos enrutadores. • http://docs.info.apple.com/article.html?artnum=305712 http://docs.info.apple.com/article.html?artnum=306375 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://openbsd.org/errata39.html#022_route6 http://openbsd.org/errata40.html#012_route6 http://secunia.com/advisories/24978 http://secunia.com/advisories/25033 http://secunia.com/advisories/25068 http://secunia.com/advisories/25083 http://secunia.com/advisories/25288 http://secunia.com/advisories/25 •

CVSS: 6.6EPSS: 0%CPEs: 13EXPL: 0

CVE-2007-1677

https://notcve.org/view.php?id=CVE-2007-1677

Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. Múltiples desbordamientos de búfer en el protocolo de red ISO soportado por el NetBSD kernel 2.0 hasta la 4.0_BETA2 y el NetBSD-current anterior al 20070329, permite a usuarios locales ejecutar código de su elección mediante el paso de parámetros largos a ciertas funciones, como lo demostrado mediante el paso como argumento de la estructura larga sockaddr a la función clnp_route. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-004.txt.asc http://osvdb.org/43596 http://www.securityfocus.com/bid/23193 http://www.securitytracker.com/id?1017832 http://www.vupen.com/english/advisories/2007/1159 https://exchange.xforce.ibmcloud.com/vulnerabilities/33381 •

CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0

CVE-2007-1273

https://notcve.org/view.php?id=CVE-2007-1273

Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges. Desbordamiento de entero en la función ktruser en NetBSD-current versiones anteriores a 20061022, NetBSD 3 y 3-0 versiones anteriores a 20061024, y NetBSD 2 versiones anteriores a 20070209, cuando el kernel se construye con la opción COMAPT_FREEBSD o COMPAT_DARWIN, permite a usuarios locales provocar una denegación de servicio y posiblemente obtener privilegios. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-001.txt.asc http://osvdb.org/35453 http://www.securityfocus.com/bid/22878 •

1...3 4 5 6 7