CVE-2006-0145
https://notcve.org/view.php?id=CVE-2006-0145
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-001.txt.asc
• http://secunia.com/advisories/18388
• http://secunia.com/advisories/18712
• http://securityreason.com/securityalert/405
• http://www.osvdb.org/22293
• http://www.securityfocus.com/archive/1/423827/100/0/threaded
• http://www.securityfocus.com/bid/16173
• http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24035
CVE-2005-4783
https://notcve.org/view.php?id=CVE-2005-4783
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.
• http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c
• http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/miscfs/kernfs/kernfs_vnops.c.diff?r1=1.110&r2=1.111&f=h
• http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html
• http://releng.netbsd.org/cgi-bin/req-3.cgi?show=727
• http://securitytracker.com/id?1015132
• http://www.osvdb.org/20729
• http://www.packetstormsecurity.org/0601-advisories/NetBSD-SA2006-001.txt
CVE-2005-4352
https://notcve.org/view.php?id=CVE-2005-4352
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html
• http://secunia.com/advisories/25691
• http://securitytracker.com/id?1015454
• http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt
• http://www.securityfocus.com/archive/1/421426/100/0/threaded
• http://www.securityfocus.com/archive/1/471457
• http://www.securityfocus.com/bid/16170
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24036
CVE-2005-4741
https://notcve.org/view.php?id=CVE-2005-4741
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2005-013.txt.asc
• http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0157.html
• http://mail-index.netbsd.org/source-changes/2005/10/31/0001.html
• http://prdelka.blackart.org.uk/exploitz/prdelka-vs-BSD-ptrace.tar.gz
• http://www.osvdb.org/20759
• http://www.securityfocus.com/bid/15290
CVE-2005-4782
https://notcve.org/view.php?id=CVE-2005-4782
NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of service (kernel assertion panic) via a negative linger time in the SO_LINGER socket option.
• http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/uipc_socket.c.diff?r1=1.111&r2=1.112
• http://mail-index.netbsd.org/netbsd-announce/2005/11/08/0010.html
• http://mail-index.netbsd.org/source-changes/2005/10/21/0038.html
• http://www.securityfocus.com/bid/15289