CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Freebsd : Security Vulnerabilities Published In 2000

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1066 DoS 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
2 CVE-2000-1013 2000-12-11 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
3 CVE-2000-1012 2000-12-11 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
4 CVE-2000-1011 Overflow +Priv 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.
5 CVE-2000-0998 +Priv 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
6 CVE-2000-0993 +Priv 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
7 CVE-2000-0963 Exec Code Overflow 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
8 CVE-2000-0916 2000-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
9 CVE-2000-0915 2000-12-19 2008-09-05
5.0
None Remote Low Not required Partial None None
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.
10 CVE-2000-0852 Overflow +Priv 2000-11-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
11 CVE-2000-0752 Overflow +Priv 2000-10-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
12 CVE-2000-0749 Overflow +Priv 2000-10-20 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
13 CVE-2000-0729 DoS 2000-10-20 2008-09-05
2.1
None Local Low Not required None None Partial
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
14 CVE-2000-0595 Exec Code 2000-07-05 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.
15 CVE-2000-0594 DoS 2000-07-04 2008-09-10
5.0
None Remote Low Not required None None Partial
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
16 CVE-2000-0584 Exec Code Overflow 2000-07-02 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
17 CVE-2000-0535 2000-06-12 2008-09-10
5.0
None Remote Low Not required None Partial None
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
18 CVE-2000-0532 2000-06-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
19 CVE-2000-0461 DoS 2000-05-29 2008-09-10
2.1
None Local Low Not required None None Partial
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
20 CVE-2000-0440 DoS 2000-05-01 2008-09-10
5.0
None Remote Low Not required None None Partial
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
21 CVE-2000-0235 Overflow +Priv 2000-03-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
22 CVE-2000-0186 Overflow +Priv 2000-02-28 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
23 CVE-2000-0163 +Priv 2000-02-21 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
24 CVE-2000-0092 2000-01-19 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
25 CVE-1999-1008 2000-05-17 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
xsoldier program allows local users to gain root access via a long argument.
26 CVE-1999-0964 Exec Code Overflow 2000-01-01 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.
27 CVE-1999-0761 Overflow 2000-09-16 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.