
CVSS: 7.8 • EPSS: 0% • CPEs: 14 • EXPL: 1

13 Jul 2010 — FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call. • https://www.exploit-db.com/exploits/14688 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 4

28 May 2010 — sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request. • https://www.exploit-db.com/exploits/14003 • CWE-20: Improper Input Validation

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 May 2010 — jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations. • http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 • EPSS: 64% • CPEs: 44 • EXPL: 3

28 May 2010 — Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. • https://www.exploit-db.com/exploits/12762 • CWE-189: Numeric Errors

CVSS: 5.5 • EPSS: 0% • CPEs: 15 • EXPL: 0

25 Feb 2010 — Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing." • http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036697.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Jan 2010 — The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. • http://secunia.com/advisories/38124 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 Dec 2009 — freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. • http://secunia.com/advisories/37575 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 8% • CPEs: 2 • EXPL: 3

02 Dec 2009 — The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146. • https://packetstorm.news/files/id/152997 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 18% • CPEs: 3 • EXPL: 4

02 Dec 2009 — The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147. • https://packetstorm.news/files/id/152997 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 2

06 Oct 2009 — Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. • https://www.exploit-db.com/exploits/9859 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')