CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Openbsd : Security Vulnerabilities Published In 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000373 400 Exec Code 2017-06-19 2017-08-11
6.4
None Remote Low Not required None Partial Partial
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
2 CVE-2017-1000372 284 Exec Code Bypass 2017-06-19 2017-06-29
7.5
None Remote Low Not required Partial Partial Partial
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.
3 CVE-2017-8301 254 2017-04-27 2017-05-10
2.6
None Remote High Not required None Partial None
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
4 CVE-2017-5850 399 DoS 2017-03-27 2017-03-31
7.8
None Remote Low Not required None None Complete
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
5 CVE-2016-10012 119 Overflow +Priv 2017-01-04 2017-01-06
7.2
None Local Low Not required Complete Complete Complete
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
6 CVE-2016-10011 320 +Info 2017-01-04 2017-01-06
2.1
None Local Low Not required Partial None None
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
7 CVE-2016-10010 264 +Priv 2017-01-04 2017-01-06
6.9
None Local Medium Not required Complete Complete Complete
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
8 CVE-2016-10009 426 2017-01-04 2017-01-06
7.5
None Remote Low Not required Partial Partial Partial
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
9 CVE-2016-6522 190 DoS Overflow 2017-03-07 2017-03-08
4.9
None Local Low Not required None None Complete
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.
10 CVE-2016-6350 476 DoS 2017-03-07 2017-03-08
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.
11 CVE-2016-6247 20 DoS 2017-03-07 2017-03-08
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.
12 CVE-2016-6246 20 DoS 2017-03-07 2017-03-08
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.
13 CVE-2016-6245 DoS 2017-03-07 2017-03-08
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
14 CVE-2016-6244 20 DoS 2017-03-07 2017-03-08
7.8
None Remote Low Not required None None Complete
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.
15 CVE-2016-6243 20 DoS 2017-03-07 2017-03-08
4.9
None Local Low Not required None None Complete
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
16 CVE-2016-6242 189 DoS 2017-03-07 2017-03-08
4.9
None Local Low Not required None None Complete
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
17 CVE-2016-6241 190 Exec Code Overflow 2017-03-07 2017-08-31
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
18 CVE-2016-6240 189 Exec Code 2017-03-07 2017-08-31
7.2
None Local Low Not required Complete Complete Complete
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
19 CVE-2016-6239 20 DoS 2017-03-07 2017-08-31
4.9
None Local Low Not required None None Complete
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
20 CVE-2016-6210 200 +Info 2017-02-13 2017-09-02
4.3
None Remote Medium Not required Partial None None
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
21 CVE-2016-1908 254 2017-04-11 2017-09-09
7.5
None Remote Low Not required Partial Partial Partial
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.