National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:freebsd:freebsd:4.9:p13
There are 88 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2007-3722

The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

Published: July 12, 2007; 12:30:00 PM -04:00
    V2: 2.1 LOW
CVE-2007-0166

The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.

Published: January 11, 2007; 03:28:00 PM -05:00
    V2: 6.6 MEDIUM
CVE-2006-4172

Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.

Published: September 25, 2006; 10:07:00 PM -04:00
    V2: 7.2 HIGH
CVE-2006-4178

Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.

Published: September 25, 2006; 10:07:00 PM -04:00
    V2: 4.9 MEDIUM
CVE-2006-1056

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

Published: April 20, 2006; 06:02:00 AM -04:00
    V2: 2.1 LOW
CVE-2006-1283

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

Published: March 23, 2006; 03:06:00 PM -05:00
    V2: 7.2 HIGH
CVE-2006-0905

A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.

Published: March 23, 2006; 06:06:00 AM -05:00
    V2: 7.5 HIGH
CVE-2005-2068

FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.

Published: July 05, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Published: May 31, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.

Published: May 06, 2005; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2005-1400

The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.

Published: May 06, 2005; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2005-1406

The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.

Published: May 06, 2005; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2005-0708

The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2005-0988

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 3.7 LOW
CVE-2005-1126

The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.

Published: April 15, 2005; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2005-0610

Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.

Published: April 12, 2005; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Published: March 05, 2005; 12:00:00 AM -05:00
V3.0: 5.6 MEDIUM
    V2: 4.7 MEDIUM
CVE-2004-1066

The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 3.6 LOW
CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

Published: December 31, 2004; 12:00:00 AM -05:00
    V2: 7.1 HIGH
CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Published: November 23, 2004; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM