CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Freebsd » Freebsd » 6.2 Stable * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-4609 16 DoS 2008-10-20 2021-07-07
7.1
None Remote Medium Not required None None Complete
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
2 CVE-2008-0216 264 2008-01-16 2017-08-08
2.1
None Local Low Not required None Partial None
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
3 CVE-2006-6397 Overflow 2006-12-08 2018-10-17
4.4
None Local Medium Not required Partial Partial Partial
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.
4 CVE-2006-6165 +Priv Bypass 2006-11-29 2018-10-17
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
5 CVE-2002-0701 +Info 2002-07-23 2016-10-18
2.1
None Local Low Not required Partial None None
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
6 CVE-2001-0424 Exec Code 2001-07-02 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
7 CVE-2001-0128 +Priv Bypass 2001-03-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
8 CVE-2000-0890 2001-02-16 2018-05-03
1.2
None Local High Not required None Partial None
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
9 CVE-1999-1214 255 DoS 1997-09-15 2017-10-10
2.1
None Local Low Not required None None Partial
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
10 CVE-1999-0798 Overflow 1998-12-04 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
11 CVE-1999-0782 1998-11-18 2016-10-18
2.1
None Local Low Not required None Partial None
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
12 CVE-1999-0781 Exec Code 1998-11-18 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
13 CVE-1999-0780 1998-11-18 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
14 CVE-1999-0628 1997-07-01 2008-09-09
5.0
None Remote Low Not required Partial None None
The rwho/rwhod service is running, which exposes machine status and user information.
15 CVE-1999-0299 Overflow 1997-03-05 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in FreeBSD lpd through long DNS hostnames.
16 CVE-1999-0085 Exec Code Overflow 1996-08-21 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
17 CVE-1999-0078 Exec Code 1996-04-18 2018-10-30
1.9
None Local Medium Not required Partial None None
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
18 CVE-1999-0074 1997-07-01 2008-09-09
6.4
None Remote Low Not required Partial Partial None
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
19 CVE-1999-0061 1997-10-02 2008-09-09
5.1
None Remote High Not required Partial Partial Partial
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
20 CVE-1999-0057 Exec Code 1998-11-16 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
Vacation program allows command execution by remote users through a sendmail command.
21 CVE-1999-0053 DoS 1998-10-13 2008-09-05
5.0
None Remote Low Not required None None Partial
TCP RST denial of service in FreeBSD.
22 CVE-1999-0037 Exec Code 1997-05-21 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
Total number of vulnerabilities : 22   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.