CVSS: 5.3EPSS: 1%CPEs: 37EXPL: 5CVE-2003-0001 – Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
https://notcve.org/view.php?id=CVE-2003-0001
08 Jan 2003 — Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. Múltiples controladores de dispositivo (device drivers) de Tarjetas de Interfaz de Red (Network Interface Card - NIC) Ethernet no rellenan las tramas con bytes nulos, lo que permite a atacantes remotos obtener información de paquetes anteriores o memoria del kernel ... • https://packetstorm.news/files/id/121969 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1669
https://notcve.org/view.php?id=CVE-2002-1669
31 Dec 2002 — pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2002-1674
https://notcve.org/view.php?id=CVE-2002-1674
31 Dec 2002 — procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:09.fstatfs.asc •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2002-1915
https://notcve.org/view.php?id=CVE-2002-1915
31 Dec 2002 — tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. • http://online.securityfocus.com/archive/1/283033 • CWE-667: Improper Locking •
CVSS: 7.0EPSS: 0%CPEs: 52EXPL: 0CVE-2002-2092
https://notcve.org/view.php?id=CVE-2002-2092
31 Dec 2002 — Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 4CVE-2002-1125 – WMMon 1.0 b2 - Memory Character File Open File Descriptor Read
https://notcve.org/view.php?id=CVE-2002-1125
17 Sep 2002 — FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory. Programas portados a FreeBSD que usan libkvm para FreeBSD 4.6.2-RELEASE y anteriores, incluyendo asmon, ascpu, bubblemon, wmmon, y wmnet2, dejan abiertos descriptores de ficheros para /dev/mem y /dev/kmem, lo que permite a usuarios locales leer la memoria d... • https://www.exploit-db.com/exploits/21798 •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2002-0973
https://notcve.org/view.php?id=CVE-2002-0973
23 Aug 2002 — Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. • http://marc.info/?l=bugtraq&m=102976839728706&w=2 •
CVSS: 10.0EPSS: 4%CPEs: 10EXPL: 4CVE-2002-0391
https://notcve.org/view.php?id=CVE-2002-0391
12 Aug 2002 — Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2002-0414
https://notcve.org/view.php?id=CVE-2002-0414
12 Aug 2002 — KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. • http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2002-0754
https://notcve.org/view.php?id=CVE-2002-0754
12 Aug 2002 — Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. Kerberos 5 su (k5su) en FreeBSD 4.4 y anteriores se basa en la llamada al sistema getlogin para determinar si el usuario que esta ejecutando k5su es root, lo cual podría permitir a procesos sin privilegios, la obtención de permisos si ese proceso tiene un getlogin como root. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc •