CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Freebsd : Security Vulnerabilities (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1452 119 DoS Exec Code Overflow 2014-01-21 2014-02-21
5.8
None Local Network Low Not required Partial Partial Partial
Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request.
2 CVE-2013-3077 189 Overflow +Priv Bypass 2013-08-28 2013-10-07
7.2
None Local Low Not required Complete Complete Complete
Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.
3 CVE-2012-0217 119 Overflow +Priv 2012-06-12 2013-10-10
7.2
None Local Low Not required Complete Complete Complete
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
4 CVE-2011-4862 119 1 Exec Code Overflow 2011-12-24 2013-07-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
5 CVE-2011-4062 119 1 DoS Overflow +Priv 2011-10-17 2011-12-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
6 CVE-2011-2895 119 Exec Code Overflow 2011-08-19 2012-12-18
9.3
None Remote Medium Not required Complete Complete Complete
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
7 CVE-2011-1778 119 DoS Exec Code Overflow 2012-04-13 2012-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
8 CVE-2011-1777 119 DoS Exec Code Overflow 2012-04-13 2012-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
9 CVE-2010-4666 119 DoS Overflow 2012-04-13 2012-04-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
10 CVE-2009-1935 189 Overflow Bypass 2009-06-18 2009-07-01
4.9
None Local Low Not required Complete None None
Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors.
11 CVE-2009-1041 119 1 Overflow 2009-03-26 2009-04-02
7.2
Admin Local Low Not required Complete Complete Complete
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
12 CVE-2009-0689 119 DoS Exec Code Overflow 2009-07-01 2014-03-25
6.8
User Remote Medium Not required Partial Partial Partial
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
13 CVE-2008-3531 119 Overflow +Priv 2008-09-05 2008-09-24
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."
14 CVE-2008-1391 189 Exec Code Overflow 2008-03-27 2010-06-23
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
15 CVE-2008-1215 264 Overflow +Priv 2008-03-08 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
16 CVE-2007-6754 189 Overflow 2012-07-25 2012-07-26
5.0
None Remote Low Not required None None Partial
The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.
17 CVE-2007-3641 DoS Exec Code Overflow 2007-07-13 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
18 CVE-2007-0229 189 DoS Overflow +Priv 2007-01-12 2011-10-11
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
19 CVE-2006-7252 189 Overflow 2012-07-25 2012-07-26
5.0
None Remote Low Not required None None Partial
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
20 CVE-2006-6397 Overflow 2006-12-07 2008-09-05
4.4
User Local Medium Not required Partial Partial Partial
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.
21 CVE-2006-6013 Overflow 2006-11-21 2008-09-05
2.1
None Local Low Not required Partial None None
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
22 CVE-2006-5824 DoS Overflow 2006-11-09 2008-09-05
4.9
None Local Low Not required None None Complete
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
23 CVE-2006-5679 189 DoS Exec Code Overflow 2006-11-03 2011-10-11
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
24 CVE-2006-4304 DoS Exec Code Overflow +Info 2006-08-23 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.
25 CVE-2006-4172 DoS Exec Code Overflow 2006-09-25 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.
26 CVE-2006-0226 Exec Code Overflow 2006-01-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.
27 CVE-2004-1053 Exec Code Overflow 2005-03-01 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.
28 CVE-2003-1234 DoS Exec Code Overflow 2003-12-31 2008-09-05
3.6
None Local Low Not required None Partial Partial
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
29 CVE-2003-0694 Exec Code Overflow 2003-10-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
30 CVE-2003-0466 Exec Code Overflow 2003-08-27 2010-05-25
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
31 CVE-2003-0144 Overflow +Priv 2003-03-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
32 CVE-2003-0028 Exec Code Overflow 2003-03-25 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
33 CVE-2002-1219 Exec Code Overflow 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
34 CVE-2002-0829 Overflow +Priv 2002-08-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
35 CVE-2002-0391 Exec Code Overflow Bypass 2002-08-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
36 CVE-2002-0062 Overflow +Priv 2002-03-08 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
37 CVE-2001-0670 Exec Code Overflow 2001-10-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
38 CVE-2001-0554 Exec Code Overflow 2001-08-14 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
39 CVE-2001-0247 Exec Code Overflow 2001-06-18 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
40 CVE-2001-0230 Overflow +Priv 2001-06-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
41 CVE-2001-0221 Overflow +Priv 2001-06-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.
42 CVE-2001-0094 Overflow +Priv 2001-02-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.
43 CVE-2000-1011 Overflow +Priv 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.
44 CVE-2000-0963 Exec Code Overflow 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
45 CVE-2000-0852 Overflow +Priv 2000-11-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
46 CVE-2000-0752 Overflow +Priv 2000-10-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
47 CVE-2000-0749 Overflow +Priv 2000-10-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
48 CVE-2000-0584 Exec Code Overflow 2000-07-02 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
49 CVE-2000-0388 Exec Code Overflow 1990-05-09 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.
50 CVE-2000-0235 Overflow +Priv 2000-03-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
Total number of vulnerabilities : 70   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.