CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2010-2693 – FreeBSD - 'mbufs()' sendfile Cache Poisoning Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-2693
13 Jul 2010 — FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call. FreeBSD v7.1 a la v8.1-PRERELEASE no copia la bandera (flag) de solo lectura cuando crea una referencia duplicada del búfer mbuf, lo que permite a usuarios locales provocar una denegación de servicio (corrupción del sistema de ficheros) y la obtención de privilegios... • https://www.exploit-db.com/exploits/14688 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 4CVE-2010-2020 – FreeBSD - 'mountnfs()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-2020
28 May 2010 — sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request. sys/nfsclient/nfs_vfsops.c en el cliente NFS en el kernel en FreeBSD v7.2 hasta v8.1-PRERELEASE, cuando vfs.usermount está habilitado no valida la longitud de ciertos parámetros fhsize, lo que permite a usuarios locales obtener privilegios a través d... • https://www.exploit-db.com/exploits/14003 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2022
https://notcve.org/view.php?id=CVE-2010-2022
28 May 2010 — jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations. jail.c en jail en FreeBSD v8.0 y v8.1-PRERELEASE, cuando las opciones "-l -U root" son omitidas, no restringe adecuadamente el acceso al directorio de trabajo actual, lo que podría permitir a usuarios locales leer, modificar, o crear ficheros... • http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 64%CPEs: 44EXPL: 3CVE-2010-1938 – FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)
https://notcve.org/view.php?id=CVE-2010-1938
28 May 2010 — Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. Error Off-by-oneen en la función __opiereadrec en readrec.c en libopie en OPIE v2.4.1-test1 y anteriores, utilizada en FreeBSD v6.4 hasta v8.1-PRERELEASE... • https://www.exploit-db.com/exploits/12762 • CWE-189: Numeric Errors •