|
|
Openbsd : Security Vulnerabilities (CVSS score between 3 and 3.99)
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-0814 |
255 |
|
+Info |
2012-01-27 |
2012-02-16 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. |
|
2 |
CVE-2011-5000 |
189 |
|
DoS |
2012-04-05 |
2012-07-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. |
|
3 |
CVE-2007-1352 |
|
|
Exec Code Overflow |
2007-04-05 |
2010-11-30 |
3.8 |
None |
Local Network |
Medium |
Single system |
None |
Partial |
Partial |
|
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. |
|
4 |
CVE-2003-1366 |
200 |
|
+Info |
2003-12-31 |
2008-09-05 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. |
|
5 |
CVE-2002-2092 |
|
|
+Priv |
2002-12-31 |
2008-09-05 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. |
|
6 |
CVE-1999-0703 |
|
|
|
1999-08-03 |
2008-09-09 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. |
Total number of vulnerabilities : 6
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
