CVE-2010-0561
https://notcve.org/view.php?id=CVE-2010-0561
Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before 2010-01-21 allows local users to cause a denial of service (kernel panic) via a negative mixer index number being passed to (1) the azalia_query_devinfo function in the azalia audio driver (src/sys/dev/pci/azalia.c) or (2) the hdaudio_afg_query_devinfo function in the hdaudio audio driver (src/sys/dev/pci/hdaudio/hdaudio_afg.c). Error de presencia de signo entero en NetBSD v4.0, v5.0, y NetBSD-current anterior a 2010-01-21, permite a usuarios locales provocar una denegación de servicio (kernel panic) a través de una mezcla negativa de números indexados que son pasados a (1) la función azalia_query_devinfo en el controlador de audio azalia (src/sys/dev/pci/azalia.c) o (2) la función hdaudio_afg_query_devinfo en el controlador de audio (src/sys/dev/pci/hdaudio/hdaudio_afg.c). • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-003.txt.asc http://osvdb.org/62081 http://osvdb.org/62082 http://secunia.com/advisories/38284 http://www.securityfocus.com/bid/38057 http://www.securitytracker.com/id?1023539 • CWE-189: Numeric Errors •
CVE-2009-2793 – NetBSD 5.0.1 - 'IRET' General Protection Fault Handling Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2793
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits. El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignación de la instrucción "iret", lo que permitiría a usuarios locales conseguir privilegios a través de vectores relacionados con la variable de pseudocódigo tempEIP que esta fuera de los limites de segmento de código. • https://www.exploit-db.com/exploits/33229 http://www.securityfocus.com/archive/1/506531/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-0687 – Multiple Vendor - PF Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2009-0687
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. La función pf_test_rule de OpenBSD Packet Filter (PF), tal como es usada en OpenBSD v4.2 hasta v4.5, NetBSD v5.0 anterior a RC3, MirOS v10 y anteriores y MidnightBSD v0.3 hasta la versión actual permite a atacantes remotos causar una denegación de servicio a través de paquetes IP modificados que provocan una "desreferencia" de un puntero nulo relacionada con un paquete IPv4 con datos ("payload") ICMPv6. • https://www.exploit-db.com/exploits/8581 https://www.exploit-db.com/exploits/8430 https://www.exploit-db.com/exploits/8406 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt http://www.openbsd.org/errata43.html#013_pf http://www.openbsd.org/errata44.html#013_pf http://www.openbsd.org/errata45.html • CWE-399: Resource Management Errors •
CVE-2009-2483
https://notcve.org/view.php?id=CVE-2009-2483
libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via a malformed externalized plist (XML form) containing an undefined element. libprop/prop_object.c en proplib en NetBSD v4.0 y v4.0.1 permite a los usuarios locales causar una denegación de servicio (puntero NULO desreferenciado y pánico del kernel) a través de un plist externalizada malformada (formulario XML) conteniendo un elemento no definido. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-003.txt.asc http://osvdb.org/55285 http://secunia.com/advisories/35556 http://www.securityfocus.com/bid/35466 http://www.securitytracker.com/id?1022431 https://exchange.xforce.ibmcloud.com/vulnerabilities/51311 • CWE-189: Numeric Errors •
CVE-2009-2482
https://notcve.org/view.php?id=CVE-2009-2482
The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group. El módulo pam_unix en OpenPAM en NetBSD v4.0 anteriores a v4.0.2 y v5.0 anteriores a v5.0.1 permite a los usuarios locales cambiar la contraseña de administrador actual si ya se conoce, aún cuando no están en el grupo "wheel ". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-004.txt.asc http://osvdb.org/55284 http://secunia.com/advisories/35553 http://www.securityfocus.com/bid/35465 http://www.securitytracker.com/id?1022432 https://exchange.xforce.ibmcloud.com/vulnerabilities/51312 • CWE-264: Permissions, Privileges, and Access Controls •