Page 69 of 472 results (0.008 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0047.html http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16 http://marc.info/?l=bugtraq&m=102979180524452&w=2 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. ktrace en sistemas opertativos basados en BSD permite al propietario de un proceso con privilegios especiales trazar el proceso después de que sus privilegios han sido bajados, lo que puede permitir al propietario obtener información sensible que el proceso obtuviera mientras corría con privilegios extra. • http://marc.info/?l=bugtraq&m=102650797504351&w=2 http://www.iss.net/security_center/static/9474.php http://www.openbsd.org/errata.html#ktrace http://www.securityfocus.com/bid/5133 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc http://www.iss.net/security_center/static/8893.php http://www.osvdb.org/5232 http://www.securityfocus.com/bid/4539 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. • ftp://patches.sgi.com/support/free/security/advisories/20030604-01-I http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137 http://online.securityfocus.com/archive/1/262733 http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022 http://www.iss.net/security_center/static/8485.php http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110 http://www.osvdb.org/5308 http://www.securityfocus.com/bi •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 3

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files. • https://www.exploit-db.com/exploits/21407 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html http://online.securityfocus.com/archive/1/268970 http://online.securityfocus.com/archive/1/269102 http://www.ciac.org/ciac/bulletins/m-072.shtml http://www.iss.net/security_center/static/8920.php http://www.kb.cert.org/vuls/id/809347 http://www.osvdb.org/6095 http://www.secu •