CVE-2005-4691
https://notcve.org/view.php?id=CVE-2005-4691
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-009.txt.asc http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html http://mail-index.netbsd.org/source-changes/2005/09/12/0043.html http://securitytracker.com/id?1015132 http://www.osvdb.org/20731 http://www.securityfocus.com/bid/15263 •
CVE-2005-4776
https://notcve.org/view.php?id=CVE-2005-4776
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc http://mail-index.netbsd.org/source-changes/2005/09/13/0024.html http://www.osvdb.org/20757 •
CVE-2005-4783
https://notcve.org/view.php?id=CVE-2005-4783
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. • http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c.diff?r1=1.110&r2=1.111&f=h http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html http://releng.netbsd.org/cgi-bin/req-3.cgi?show=727 http://securitytracker.com/id?1015132 http://www.osvdb.org/20729 http://www.packetstormsecurity.org/0601-advisories/NetBSD-SA2006-001.txt •
CVE-2005-4352
https://notcve.org/view.php?id=CVE-2005-4352
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html http://secunia.com/advisories/25691 http://securitytracker.com/id?1015454 http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt http://www.securityfocus.com/archive/1/421426/100/0/threaded http://www.securityfocus.com/archive/1/471457 http://www.securityfocus.com/bid/16170 https://exchange.xforce.ibmcloud.com/vulnerabilities/24036 •
CVE-2005-4741
https://notcve.org/view.php?id=CVE-2005-4741
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-013.txt.asc http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0157.html http://mail-index.netbsd.org/source-changes/2005/10/31/0001.html http://prdelka.blackart.org.uk/exploitz/prdelka-vs-BSD-ptrace.tar.gz http://www.osvdb.org/20759 http://www.securityfocus.com/bid/15290 •