18 results (0.006 seconds)

CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1

Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument. • http://www.iss.net/security_center/static/7633.php http://www.securityfocus.com/archive/1/243096 http://www.securityfocus.com/bid/3603 •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 2

Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions. • https://www.exploit-db.com/exploits/21077 http://www.iss.net/security_center/static/7023.php http://www.securityfocus.com/archive/1/209192 http://www.securityfocus.com/bid/3220 •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 3

rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line. • https://www.exploit-db.com/exploits/202 http://www.securityfocus.com/archive/1/147120 http://www.securityfocus.com/bid/2009 •

CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. ip_input.c en implementaciones de TCP/IP derivadas de BSD permiten a atacantes remotos causar una denegación de servicio (cuelgue o caída) mediante paquetes artesanales. • http://www.openbsd.org/errata23.html#tcpfix http://www.osvdb.org/5707 • CWE-20: Improper Input Validation •