CVE-2007-0166
https://notcve.org/view.php?id=CVE-2007-0166
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. El script de cárcel rc.d en FreeBSD 5.3 hasta to 6.2 no verifica nombres de ruta cuando escribe en /var/log/console.log durante un arranque de cárcel, o cuando ficheros del sistema están montados o desmontados, lo cual permite a atacantes remotos sobre-escribir ficheros de su elección, o montar y desmontar ficheros, fuera de la cárcel mediante un ataque de enlaces simbólicos • http://osvdb.org/32726 http://secunia.com/advisories/23730 http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc http://securitytracker.com/id?1017505 http://www.securityfocus.com/bid/22011 •
CVE-2006-4172
https://notcve.org/view.php?id=CVE-2006-4172
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178. Vulnerabilidad por desbordamiento de entero en la llamada i386_set_ldt en FreeBSD 5.5, y posiblemente versiones anteriores desde la 5.2, permite a usuarios locales provocar denegación de servicio (caída) y posiblemente ejecutar código mediante vectores no especificados, una vulnerabilidad diferente a CVE-2006-4178. • http://archives.neohapsis.com/archives/bugtraq/2006-09/0376.html http://secunia.com/advisories/22064 http://securitytracker.com/id?1016926 http://securitytracker.com/id?1016928 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414 http://www.securityfocus.com/archive/1/446945/100/0/threaded http://www.securityfocus.com/bid/20158 https://exchange.xforce.ibmcloud.com/vulnerabilities/29132 •
CVE-2006-4178 – FreeBSD 5.x - 'I386_Set_LDT()' Multiple Local Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4178
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. Error de presencia de signo (signedness) de entero en la llamada i386_set_ldt en FreeBSD 5.5, y posiblemente versiones anteriores desde la 5.2, permite a usuarios locales provocar una denegación de servicio (caída) mediante argumentos no especificados que usan enteros con signo negativo para provocar la llamada a la función bzero con un parámetro de gran longitud, una vulnerabilidad diferente a CVE-2006-4172. • https://www.exploit-db.com/exploits/28648 http://secunia.com/advisories/22064 http://securitytracker.com/id?1016927 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=415 http://www.securityfocus.com/archive/1/446946/100/0/threaded http://www.securityfocus.com/bid/20158 •
CVE-2005-4351
https://notcve.org/view.php?id=CVE-2005-4351
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. • http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/24037 •
CVE-2004-0114 – BSD - SHMAT System Call Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0114
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. La llamada de sistema shmat en el interfaz de Memoria Compartida de Sistema V de FreeBSD 5.2 y anteriores, NetBSD 1.3 y anteriores, y OpenBSD 2.6 y anteriores, no decrementa adecuadamente un contador de referencias de segmentos de memoria compartidos cuando al función vm_map_find falla, lo que podría permitir a usuarios locales ganar acceso de lectura y escritura a una porción de memoria del kernel y ganar privilegios. • https://www.exploit-db.com/exploits/23655 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc http://marc.info/?l=bugtraq&m=107608375207601&w=2 http://www.openbsd.org/errata33.html#sysvshm http://www.osvdb.org/3836 http://www.pine.nl/press/pine-cert-20040201.txt http://www.securityfocus.com/bid/9586 https://exchange.xforce.ibmcloud.com/vulnerabilities/15061 •