The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-04-10
Updated
2018-10-09
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-11-13
Updated
2014-11-14
The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-06-10
Updated
2014-06-24
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
Source: FreeBSD
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-01-16
Updated
2017-08-08
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-11-30
Updated
2017-07-29
The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-07-12
Updated
2008-11-15
The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-07-12
Updated
2008-11-15
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-11-21
Updated
2018-10-17
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-10-24
Updated
2008-09-05
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.05%
Published
2006-10-24
Updated
2008-09-05
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.10%
Published
2006-04-20
Updated
2018-10-30
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory.
Source: FreeBSD
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-01-25
Updated
2017-07-20
FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.
Source: FreeBSD
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-01-25
Updated
2017-07-20
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.
Source: FreeBSD
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-01-11
Updated
2017-07-20
The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-04-15
Updated
2017-07-11
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-06
Updated
2017-07-11
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-06
Updated
2017-07-11
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.06%
Published
2004-05-04
Updated
2017-07-11
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-07-11
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-07-11
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-09-24
Updated
2016-10-18
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-08-12
Updated
2016-10-18
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-05
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.06%
Published
2002-07-23
Updated
2016-10-18
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-09-20
Updated
2017-10-10
40 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!