U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:openbsd:openbsd:3.9
There are 26 matching records.
Displaying matches 21 through 26.
Vuln ID Summary CVSS Severity
CVE-2007-0085

Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.

Published: January 05, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2006-6164

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

Published: November 28, 2006; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-5218

Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.

Published: October 10, 2006; 12:06:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-4435

OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-4436

isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4304

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.

Published: August 23, 2006; 9:04:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH