Vulnerabilities > Freebsd > Freebsd > 4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2092 | Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. | 3.7 |
| 2002-12-31 | CVE-2002-1915 | Improper Locking vulnerability in multiple products tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. | 5.5 |
| 2002-12-31 | CVE-2002-1674 | Unspecified vulnerability in Freebsd procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. | 1.2 |
| 2002-12-31 | CVE-2002-1669 | Unspecified vulnerability in Freebsd 4.2/4.3/4.4 pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. | 2.1 |
| 2002-09-24 | CVE-2002-1125 | Unspecified vulnerability in Freebsd FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory. | 2.1 |
| 2002-09-24 | CVE-2002-0973 | Buffer Overflow vulnerability in FreeBSD System Call Signed Integer Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | 4.6 |
| 2002-08-12 | CVE-2002-0754 | Privilege Escalation vulnerability in Kerberos 5 su Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. | 7.2 |
| 2002-08-12 | CVE-2002-0414 | KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets. | 7.5 |
| 2002-08-12 | CVE-2002-0391 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | 9.8 |
| 2002-06-25 | CVE-2002-0381 | The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | 5.0 |