National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:freebsd:freebsd:4.6:p19
There are 91 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2005-2068

FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.

Published: July 05, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Published: May 31, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.

Published: May 06, 2005; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2005-1406

The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.

Published: May 06, 2005; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2005-0708

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 3.7 LOW
CVE-2005-1126

The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.

Published: April 15, 2005; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2005-0610

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.

Published: April 12, 2005; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Published: March 05, 2005; 12:00:00 AM -05:00
V3.0: 5.6 MEDIUM
    V2: 4.7 MEDIUM
CVE-2004-1066

The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 3.6 LOW
CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.1 HIGH
CVE-2004-0125

The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2004-0002

The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.

Published: March 03, 2004; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-0114

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

Published: March 03, 2004; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2003-1234

Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 3.6 LOW
CVE-2003-0914

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

Published: December 15, 2003; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2003-0804

The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.

Published: November 17, 2003; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2003-0688

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

Published: October 20, 2003; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2003-0466

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Published: August 27, 2003; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

Published: March 25, 2003; 12:00:00 AM -05:00
    V2: 7.5 HIGH