CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Openbsd : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2904 16 +Priv 2009-10-01 2014-08-08
6.9
None Local Medium Not required Complete Complete Complete
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
2 CVE-2008-1215 264 Overflow +Priv 2008-03-08 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
3 CVE-2007-4752 20 +Priv 2007-09-11 2014-08-08
7.5
User Remote Low Not required Partial Partial Partial
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
4 CVE-2007-0085 +Priv 2007-01-05 2008-09-05
6.0
Admin Local High Single system Complete Complete Complete
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
5 CVE-2006-6164 +Priv 2006-11-28 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
6 CVE-2006-5218 DoS Overflow +Priv 2006-10-10 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
7 CVE-2004-0114 +Priv 2004-03-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
8 CVE-2003-0787 +Priv 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
9 CVE-2003-0786 +Priv 2003-11-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
10 CVE-2003-0144 Overflow +Priv 2003-03-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
11 CVE-2002-2180 +Priv 2002-12-31 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
12 CVE-2002-2092 +Priv 2002-12-31 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
13 CVE-2002-0766 DoS +Priv 2002-08-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
14 CVE-2002-0575 Overflow +Priv 2002-06-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
15 CVE-2002-0542 +Priv 2002-07-03 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
16 CVE-2002-0083 189 +Priv 2002-03-15 2008-11-20
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
17 CVE-2001-0872 +Priv 2001-12-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
18 CVE-2001-0268 +Priv 2001-05-03 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
19 CVE-2001-0053 Overflow +Priv 2001-02-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
20 CVE-2000-1208 +Priv 2002-08-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
21 CVE-2000-0999 +Priv 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
22 CVE-2000-0997 +Priv 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
23 CVE-2000-0996 +Priv 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
24 CVE-2000-0995 +Priv 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.
25 CVE-2000-0994 +Priv 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
26 CVE-2000-0993 +Priv 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
27 CVE-2000-0312 +Priv 2001-03-12 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.