| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-5229 |
200 |
|
+Info |
2006-10-10 |
2011-08-26 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. |
|
2 |
CVE-2004-2230 |
|
|
DoS Overflow |
2004-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. |
|
3 |
CVE-2002-2280 |
16 |
|
|
2002-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. |
|
4 |
CVE-2002-1915 |
|
|
DoS |
2002-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. |
|
5 |
CVE-2002-0701 |
|
|
+Info |
2002-07-23 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges. |
|
6 |
CVE-2001-1559 |
|
|
DoS |
2001-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. |
|
7 |
CVE-2001-1029 |
|
|
Bypass |
2001-09-20 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. |
|
8 |
CVE-2001-0378 |
|
|
|
2001-06-27 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. |
|
9 |
CVE-2000-0489 |
|
|
DoS |
1999-09-05 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. |
|
10 |
CVE-2000-0309 |
|
|
DoS |
2001-03-12 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service. |
|
11 |
CVE-1999-1214 |
255 |
|
DoS |
1997-09-15 |
2011-03-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. |
|
12 |
CVE-1999-1010 |
|
|
|
1999-12-14 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. |
|
13 |
CVE-1999-0485 |
|
|
|
1999-02-19 |
2008-09-09 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD. |
|
14 |
CVE-1999-0484 |
|
|
Overflow |
1999-02-23 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Buffer overflow in OpenBSD ping. |
|
15 |
CVE-1999-0483 |
|
|
|
1999-02-25 |
2008-09-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
OpenBSD crash using nlink value in FFS and EXT2FS filesystems. |
|
16 |
CVE-1999-0396 |
|
|
DoS |
1999-02-17 |
2008-09-09 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. |
