CVE-2009-0687 – Multiple Vendor - PF Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2009-0687
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload. La función pf_test_rule de OpenBSD Packet Filter (PF), tal como es usada en OpenBSD v4.2 hasta v4.5, NetBSD v5.0 anterior a RC3, MirOS v10 y anteriores y MidnightBSD v0.3 hasta la versión actual permite a atacantes remotos causar una denegación de servicio a través de paquetes IP modificados que provocan una "desreferencia" de un puntero nulo relacionada con un paquete IPv4 con datos ("payload") ICMPv6. • https://www.exploit-db.com/exploits/8581 https://www.exploit-db.com/exploits/8430 https://www.exploit-db.com/exploits/8406 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/013_pf.patch http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-001.txt.asc http://www.helith.net/txt/multiple_vendor-PF_null_pointer_dereference.txt http://www.openbsd.org/errata43.html#013_pf http://www.openbsd.org/errata44.html#013_pf http://www.openbsd.org/errata45.html • CWE-399: Resource Management Errors •
CVE-2006-6653
https://notcve.org/view.php?id=CVE-2006-6653
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket"). La función accept en NetBSD-current versiones anteriores a 20061023, NetBSD 3.0 y 3.0.1 versiones anteriores a 20061024, y NetBSD 2.x versiones anteriores a 20061029, permite a atacantes locales provocar una denegación de servicio (agotamiento de socket) a través del parámetro inválido (1) name ó (2) namelen, que podría resultar en un socket nunca cerrado (también conocido como "un socket colagado (dangling)") • ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc http://securitytracker.com/id?1017293 • CWE-20: Improper Input Validation •
CVE-2006-6013
https://notcve.org/view.php?id=CVE-2006-6013
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error. Error de presencia de signo en entero en la función fw_ioctl (FW_IOCTL) en los controladores (dev/firewire/fwdev.c) FireWire (IEEE-1394) en varios núcleos de BSD, incluyendo DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT anterior al 15/11/2006, NetBSD-current anterior al 16/11/2006, NetBSD-4 anterior al 03/12/2006, y TrustedBSD, permite a usuarios locales leer contenidos de la memoria de su elección mediante ciertos valores negativos de crom_buf->len en un comando FW_GCROM. Nota: este asunto ha sido etiquetado como un desbordamiento de entero, pero se parece más a un error de presencia de signo en entero. • http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html http://secunia.com/advisories/22917 http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc http://securitytracker.com/id?1017344 http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c http: •
CVE-2006-6014
https://notcve.org/view.php?id=CVE-2006-6014
The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact. El núcleo NetBSD-current antes del 28/10/2006 no realiza la comprobación de límites adecuadamente de un parámetro userspace no especificado en la llamada al sistema ptrace durante una petición PT_DUMPCORE, lo cual permite a usuarios locales tener un impacto desconocido. • http://mail-index.netbsd.org/current-users/2006/11/10/0000.html •
CVE-2005-4352
https://notcve.org/view.php?id=CVE-2005-4352
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041178.html http://secunia.com/advisories/25691 http://securitytracker.com/id?1015454 http://www.redteam-pentesting.de/advisories/rt-sa-2005-16.txt http://www.securityfocus.com/archive/1/421426/100/0/threaded http://www.securityfocus.com/archive/1/471457 http://www.securityfocus.com/bid/16170 https://exchange.xforce.ibmcloud.com/vulnerabilities/24036 •