Openbsd : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2014-1692 | 119 | - | DoS Overflow Mem. Corr. | 2014-01-29 | 2014-12-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

2 | CVE-2011-1013 | 189 | - | DoS | 2011-05-09 | 2012-03-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
    Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.

3 | CVE-2010-4478 | 287 | - | Bypass | 2010-12-06 | 2014-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

4 | CVE-2009-0687 | 399 | 2 | DoS | 2009-08-11 | 2009-08-11 | 7.8 | None | Remote | Low | Not required | None | None | Complete
    The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.

5 | CVE-2008-4609 | 16 | - | DoS | 2008-10-20 | 2013-10-10 | 7.1 | None | Remote | Medium | Not required | None | None | Complete
    The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

6 | CVE-2008-4247 | 352 | - | Exec Code CSRF | 2008-09-25 | 2012-10-22 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

7 | CVE-2008-1058 | - | - | DoS | 2008-02-28 | 2008-09-05 | 7.8 | None | Remote | Low | Not required | None | None | Complete
    The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.

8 | CVE-2008-1057 | - | - | DoS | 2008-02-28 | 2008-09-05 | 7.8 | None | Remote | Low | Not required | None | None | Complete
    The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.

9 | CVE-2007-5365 | 119 | 1 | DoS Exec Code Overflow | 2007-10-11 | 2011-08-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
    Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

10 | CVE-2007-4752 | 20 | - | +Priv | 2007-09-11 | 2014-08-08 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

11 | CVE-2006-6164 | - | - | +Priv | 2006-11-28 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

12 | CVE-2006-5794 | - | - | Bypass | 2006-11-08 | 2010-09-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

13 | CVE-2006-4924 | 399 | - | DoS | 2006-09-26 | 2013-09-02 | 7.8 | None | Remote | Low | Not required | None | None | Complete
    sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

14 | CVE-2004-2338 | - | - | Bypass | 2004-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

15 | CVE-2004-2163 | - | - | Bypass | 2004-12-31 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

16 | CVE-2004-1799 | - | - | Bypass | 2004-12-31 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

17 | CVE-2004-1471 | - | - | DoS Exec Code | 2004-12-31 | 2008-09-05 | 7.1 | Admin | Remote | High | Single system | Complete | Complete | Complete
    Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

18 | CVE-2004-1082 | - | - | - | 2004-02-03 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

19 | CVE-2004-0688 | - | - | Exec Code Overflow | 2004-10-20 | 2010-08-21 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

20 | CVE-2004-0687 | - | - | Exec Code Overflow | 2004-10-20 | 2010-08-21 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

21 | CVE-2004-0488 | - | - | Exec Code Overflow | 2004-07-07 | 2010-08-21 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

22 | CVE-2004-0106 | - | - | - | 2004-03-03 | 2010-08-21 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

23 | CVE-2003-1562 | 362 | - | - | 2003-12-31 | 2008-09-05 | 7.6 | Admin | Remote | High | Not required | Complete | Complete | Complete
    sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

24 | CVE-2003-0787 | - | - | +Priv | 2003-11-17 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

25 | CVE-2003-0695 | - | - | DoS Exec Code | 2003-10-06 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

26 | CVE-2003-0682 | - | - | - | 2003-10-06 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.

27 | CVE-2003-0681 | - | - | Overflow | 2003-10-06 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

28 | CVE-2003-0386 | - | - | Bypass | 2003-07-02 | 2010-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.

29 | CVE-2003-0144 | - | - | Overflow +Priv | 2003-03-31 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

30 | CVE-2003-0028 | - | - | Exec Code Overflow | 2003-03-25 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

31 | CVE-2002-1420 | - | - | - | 2003-04-11 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.

32 | CVE-2002-1219 | - | - | Exec Code Overflow | 2002-11-29 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

33 | CVE-2002-0766 | - | - | DoS +Priv | 2002-08-12 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.

34 | CVE-2002-0765 | - | - | - | 2002-08-12 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

35 | CVE-2002-0575 | - | - | Overflow +Priv | 2002-06-18 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

36 | CVE-2002-0572 | - | - | - | 2002-07-03 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

37 | CVE-2002-0557 | - | - | - | 2002-07-03 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().

38 | CVE-2002-0542 | - | - | +Priv | 2002-07-03 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

39 | CVE-2002-0414 | - | - | - | 2002-08-12 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.

40 | CVE-2001-1507 | - | - | - | 2001-12-31 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.

41 | CVE-2001-1459 | - | - | Exec Code Bypass | 2001-06-19 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.

42 | CVE-2001-1380 | - | - | - | 2001-10-18 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

43 | CVE-2001-0872 | - | - | +Priv | 2001-12-21 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

44 | CVE-2001-0816 | - | - | Bypass | 2001-12-06 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

45 | CVE-2001-0670 | - | - | Exec Code Overflow | 2001-10-03 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
    Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

46 | CVE-2001-0572 | - | - | +Info | 2001-08-22 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

47 | CVE-2001-0529 | - | - | - | 2001-08-14 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

48 | CVE-2001-0402 | - | - | Bypass | 2001-06-18 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
    IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

49 | CVE-2001-0268 | - | - | +Priv | 2001-05-03 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.

50 | CVE-2000-1208 | - | - | +Priv | 2002-08-12 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
    Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
Total number of vulnerabilities: 62 (page 1 of 2)

CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.