Vulnerabilities > Freebsd > Freebsd > 7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-05-28 | CVE-2010-1938 | Numeric Errors vulnerability in multiple products Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. | 9.3 |
2010-01-15 | CVE-2010-0318 | Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/7.2/8.0 The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. | 6.9 |
2009-12-20 | CVE-2009-4358 | Permissions, Privileges, and Access Controls vulnerability in Freebsd freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. | 4.7 |
2009-12-02 | CVE-2009-4147 | Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/8.0 The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146. | 7.2 |
2009-12-02 | CVE-2009-4146 | Permissions, Privileges, and Access Controls vulnerability in Freebsd 7.1/7.2/8.0 The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147. | 7.2 |
2009-06-25 | CVE-2009-2208 | Permissions, Privileges, and Access Controls vulnerability in Freebsd FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | 3.6 |
2009-06-18 | CVE-2009-1935 | Numeric Errors vulnerability in Freebsd Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors. | 4.9 |
2009-04-27 | CVE-2009-1436 | Improper Input Validation vulnerability in Freebsd The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. | 4.9 |
2009-03-26 | CVE-2009-1041 | Buffer Errors vulnerability in Freebsd 7.0/7.1/7.2 The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. | 7.2 |
2009-02-20 | CVE-2009-0641 | Permissions, Privileges, and Access Controls vulnerability in Freebsd sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. | 9.3 |