|
|
Cpe Name: cpe:/o:freebsd:freebsd:6.4:stable
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-1938 |
189 |
1
|
DoS Exec Code |
2010-05-28 |
2011-07-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. |
|
2 |
CVE-2009-2208 |
264 |
|
|
2009-06-24 |
2009-06-30 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. |
|
3 |
CVE-2009-1935 |
189 |
|
Overflow Bypass |
2009-06-18 |
2009-07-01 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors. |
|
4 |
CVE-2009-1436 |
20 |
|
+Info |
2009-04-27 |
2009-06-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. |
|
5 |
CVE-2009-0689 |
119 |
|
DoS Exec Code Overflow |
2009-07-01 |
2010-11-15 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. |
Total number of vulnerabilities : 5
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
