CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Freebsd : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-5691 264 DoS +Priv 2013-09-23 2013-10-23
6.9
None Local Medium Not required Complete Complete Complete
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application.
2 CVE-2013-3077 189 Overflow +Priv Bypass 2013-08-28 2013-10-07
7.2
None Local Low Not required Complete Complete Complete
Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.
3 CVE-2013-2171 264 +Priv Bypass 2013-07-01 2013-08-22
6.9
None Local Medium Not required Complete Complete Complete
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
4 CVE-2012-0217 119 Overflow +Priv 2012-06-12 2013-10-10
7.2
None Local Low Not required Complete Complete Complete
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
5 CVE-2011-4122 22 +Priv Dir. Trav. 2011-11-17 2012-01-10
6.9
None Local Medium Not required Complete Complete Complete
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.
6 CVE-2011-4062 119 1 DoS Overflow +Priv 2011-10-17 2011-12-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
7 CVE-2010-2693 264 DoS +Priv 2010-07-13 2010-07-14
7.2
Admin Local Low Not required Complete Complete Complete
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.
8 CVE-2010-2020 20 2 +Priv 2010-05-28 2012-11-05
6.9
None Local Medium Not required Complete Complete Complete
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
9 CVE-2009-4147 264 +Priv 2009-12-02 2009-12-03
7.2
Admin Local Low Not required Complete Complete Complete
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.
10 CVE-2009-4146 264 +Priv 2009-12-02 2009-12-07
7.2
Admin Local Low Not required Complete Complete Complete
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.
11 CVE-2009-3527 362 DoS +Priv Mem. Corr. 2009-10-06 2009-10-07
6.9
Admin Local Medium Not required Complete Complete Complete
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption.
12 CVE-2008-5736 264 2 +Priv 2008-12-26 2011-09-21
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.
13 CVE-2008-3890 264 +Priv 2008-09-05 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.
14 CVE-2008-3531 119 Overflow +Priv 2008-09-05 2008-09-24
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."
15 CVE-2008-1215 264 Overflow +Priv 2008-03-08 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
16 CVE-2007-0229 189 DoS Overflow +Priv 2007-01-12 2011-10-11
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
17 CVE-2006-6165 +Priv Bypass 2006-11-28 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
18 CVE-2006-1283 +Priv 2006-03-23 2011-08-25
7.2
Admin Local Low Not required Complete Complete Complete
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
19 CVE-2005-1036 DoS +Priv Bypass +Info 2005-05-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
20 CVE-2004-0602 +Priv 2004-12-06 2008-09-05
2.1
None Local Low Not required Partial None None
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
21 CVE-2004-0126 +Priv 2004-03-29 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.
22 CVE-2004-0114 +Priv 2004-03-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
23 CVE-2003-0144 Overflow +Priv 2003-03-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
24 CVE-2002-2092 +Priv 2002-12-31 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
25 CVE-2002-0829 Overflow +Priv 2002-08-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
26 CVE-2002-0820 +Priv 2002-08-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.
27 CVE-2002-0754 +Priv 2002-08-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.
28 CVE-2002-0062 Overflow +Priv 2002-03-08 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
29 CVE-2001-1185 +Priv 2001-12-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
30 CVE-2001-1180 +Priv 2001-07-10 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
31 CVE-2001-1017 +Priv 2001-09-04 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
32 CVE-2001-0230 Overflow +Priv 2001-06-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
33 CVE-2001-0221 Overflow +Priv 2001-06-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.
34 CVE-2001-0128 +Priv Bypass 2001-03-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
35 CVE-2001-0094 Overflow +Priv 2001-02-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.
36 CVE-2001-0093 +Priv 2001-02-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd.
37 CVE-2001-0063 +Priv Bypass 2001-02-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.
38 CVE-2001-0061 +Priv 2001-02-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
39 CVE-2000-1011 Overflow +Priv 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.
40 CVE-2000-0998 +Priv 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
41 CVE-2000-0993 +Priv 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
42 CVE-2000-0852 Overflow +Priv 2000-11-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
43 CVE-2000-0752 Overflow +Priv 2000-10-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
44 CVE-2000-0749 Overflow +Priv 2000-10-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
45 CVE-2000-0235 Overflow +Priv 2000-03-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
46 CVE-2000-0186 Overflow +Priv 2000-02-28 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
47 CVE-2000-0163 +Priv 2000-02-21 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
48 CVE-1999-1385 Overflow +Priv 1996-12-19 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.
49 CVE-1999-1313 +Priv 1996-05-23 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.
50 CVE-1999-1187 +Priv 1996-08-26 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.
Total number of vulnerabilities : 58   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.