isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.
Max CVSS
5.1
EPSS Score
0.70%
Published
2002-12-31
Updated
2017-07-29
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
Max CVSS
6.8
EPSS Score
0.04%
Published
2002-12-31
Updated
2008-09-05
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
Max CVSS
5.5
EPSS Score
0.04%
Published
2002-12-31
Updated
2024-02-08
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
Max CVSS
5.0
EPSS Score
0.13%
Published
2002-12-23
Updated
2018-10-30
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
Max CVSS
5.0
EPSS Score
5.35%
Published
2002-11-29
Updated
2018-05-03
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
Max CVSS
5.0
EPSS Score
15.20%
Published
2002-11-29
Updated
2018-05-03
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
Max CVSS
7.5
EPSS Score
13.55%
Published
2002-11-29
Updated
2018-05-03
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
Max CVSS
7.2
EPSS Score
0.06%
Published
2002-08-12
Updated
2008-09-10
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
Max CVSS
7.5
EPSS Score
0.48%
Published
2002-08-12
Updated
2008-09-10
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-07-03
Updated
2018-10-30
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
Max CVSS
7.5
EPSS Score
0.33%
Published
2002-07-03
Updated
2008-09-05
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-07-03
Updated
2016-10-18
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
Max CVSS
5.0
EPSS Score
0.67%
Published
2002-08-12
Updated
2008-09-05
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
Max CVSS
7.5
EPSS Score
0.45%
Published
2002-08-12
Updated
2008-09-05
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Max CVSS
10.0
EPSS Score
85.02%
Published
2002-08-12
Updated
2024-02-08
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
Max CVSS
5.0
EPSS Score
0.16%
Published
2002-06-25
Updated
2008-09-05
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
Max CVSS
7.2
EPSS Score
0.06%
Published
2002-08-12
Updated
2016-10-18
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!