Page 9 of 73 results (0.024 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2006-7252

https://notcve.org/view.php?id=CVE-2006-7252

Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. • http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited http://svnweb.freebsd.org/base?view=revision&revision=161263 • CWE-189: Numeric Errors •

CVSS: 7.9EPSS: 0%CPEs: 20EXPL: 4

CVE-2012-0217 – FreeBSD Intel SYSRET Privilege Escalation

https://notcve.org/view.php?id=CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. El modo de usuario Scheduler en el núcleo en Microsoft Windows Server v2008 R2 y R2 SP1 y Windows v7 Gold y SP1 sobre la plataforma x64 no maneja adecuadamente solicitudes del sistema, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada, también conocida como "vulnerabilidad de corrupción de memoria de modo de usuario Scheduler". It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. • https://www.exploit-db.com/exploits/46508 https://www.exploit-db.com/exploits/28718 https://www.exploit-db.com/exploits/20861 http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html http://lists.xen.org/archives/html/xen-devel/2012-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 66EXPL: 0

CVE-2012-2143 – crypt(): DES encrypted password weakness

https://notcve.org/view.php?id=CVE-2012-2143

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. La función crypt_des (también conocido como crypt basado en DES), en FreeBSD v9.0-RELEASE-p2, tal y como se utiliza en PHP, PostgreSQL y otros productos, no procesa las contraseñas en claro si la contraseña contiene un carácter de 0x80, lo que hace más fácil para los atacantes dependientes del contexto a la hora de obtener acceso a través de un intento de autenticación con una subcadena inicial con la contraseña, tal y como se demuestra con una contraseña Unicode. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34 http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html http://lists.fedoraproject.org • CWE-310: Cryptographic Issues •

CVSS: 9.3EPSS: 84%CPEs: 44EXPL: 2

CVE-2010-1938 – FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)

https://notcve.org/view.php?id=CVE-2010-1938

Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. Error Off-by-oneen en la función __opiereadrec en readrec.c en libopie en OPIE v2.4.1-test1 y anteriores, utilizada en FreeBSD v6.4 hasta v8.1-PRERELEASE y otras plataformas, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de un nombre de usuraio largo, como se ha demostrado mediante un comando USER largo en el ftpd FreeBSD v8.0. • https://www.exploit-db.com/exploits/12762 http://blog.pi3.com.pl/?p=111 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932 http://secunia.com/advisories/39963 http://secunia.com/advisories/39966 http://secunia.com/advisories/45136 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc http://securityreason.com/achievement_securityalert/87 http://securityreason.com/securityalert/7450 http://securitytracker.com/id?1024040 http://securitytracker.com/id?1025709 http&# • CWE-189: Numeric Errors •

CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2009-4358

https://notcve.org/view.php?id=CVE-2009-4358

freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. FreeBSD-update en FreeBSD v8.0, v7.2, v7.1, v6.4, y v6.3 utiliza permisos inseguros en su directorio de trabajo (/var/db/Freebsd-update por defecto), lo que permite leer las copias de archivos confidenciales a usuarios locales después de una operacion de actualización (1) freebsd-update (fetch) o (2) freebsd-update (upgrade). • http://secunia.com/advisories/37575 http://security.freebsd.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc http://www.securityfocus.com/bid/37190 • CWE-264: Permissions, Privileges, and Access Controls •