U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 56 matching records.
Displaying matches 41 through 56.
Vuln ID Summary CVSS Severity
CVE-2002-0766

OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.

Published: August 12, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2002-0701

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.

Published: July 23, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2002-0542

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

Published: July 03, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2002-0381

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

Published: June 25, 2002; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-1559

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

Published: December 31, 2001; 12:00:00 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2001-1415

vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.

Published: November 13, 2001; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2001-0670

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

Published: October 03, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2001-1145

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Published: August 17, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2001-1244

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

Published: July 07, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-1047

Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.

Published: June 02, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 1.2 LOW
CVE-2000-0995

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

Published: December 19, 2000; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2000-0996

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Published: December 19, 2000; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-1999-0482

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Published: March 21, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-1999-0483

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

Published: February 25, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-1999-0484

Buffer overflow in OpenBSD ping.

Published: February 23, 1999; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-1999-1225

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

Published: August 24, 1997; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM