Freebsd » Freebsd : Security Vulnerabilities, CVEs, CVSS score between 7 and 7.99

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Vacation program allows command execution by remote users through a sendmail command.

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

Local users can start Sendmail in daemon mode and gain root privileges.

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

A buffer overflow in lsof allows local users to obtain root privilege.

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

Buffer overflow in FreeBSD gdc program.

FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

xsoldier program allows local users to gain root access via a long argument.

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.