Page 79 of 531 results (0.004 seconds)

CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. Kerberos 5 su (k5su) en FreeBSD 4.4 y anteriores se basa en la llamada al sistema getlogin para determinar si el usuario que esta ejecutando k5su es root, lo cual podría permitir a procesos sin privilegios, la obtención de permisos si ese proceso tiene un getlogin como root. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc http://www.iss.net/security_center/static/7956.php http://www.securityfocus.com/bid/3919 •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG http://www.iss.net/security_center/static/8416.php http://www.osvdb.org/5304 http://www.securityfocus.com/archive/1/259598 http://www.securityfocus.com/bid/4224 •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. • https://www.exploit-db.com/exploits/21669 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc http://marc.info/?l=bugtraq&m=102812546815606&w=2 http://www.iss.net/security_center/static/9738.php http://www.openbsd.org/errata31.html http://www.securityfocus.com/bid/5355 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. • http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html http://www.iss.net/security_center/static/9209.php http://www.osvdb.org/5081 http://www.securityfocus.com/bid/4879 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. • http://marc.info/?l=bugtraq&m=102865404413458&w=2 http://www.iss.net/security_center/static/9771.php http://www.osvdb.org/5073 http://www.securityfocus.com/bid/5399 •