Vulnerabilities > Freebsd
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-25 | CVE-2009-2208 | Permissions, Privileges, and Access Controls vulnerability in Freebsd FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU. | 3.6 |
2009-06-18 | CVE-2009-1935 | Numeric Errors vulnerability in Freebsd Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors. | 4.9 |
2009-04-27 | CVE-2009-1436 | Improper Input Validation vulnerability in Freebsd The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. | 4.9 |
2009-03-26 | CVE-2009-1041 | Buffer Errors vulnerability in Freebsd 7.0/7.1/7.2 The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. | 7.2 |
2009-02-20 | CVE-2009-0641 | Permissions, Privileges, and Access Controls vulnerability in Freebsd sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. | 9.3 |
2009-02-16 | CVE-2009-0601 | USE of Externally-Controlled Format String vulnerability in Wireshark Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | 2.1 |
2008-12-26 | CVE-2008-5736 | Permissions, Privileges, and Access Controls vulnerability in Freebsd Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets. | 7.2 |
2008-11-26 | CVE-2008-5162 | Use of Insufficiently Random Values vulnerability in Freebsd The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator. | 7.0 |
2008-11-18 | CVE-2008-5142 | Link Following vulnerability in Freebsd Freebsd-Sendpr 3.113+5.3 sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file. | 6.9 |
2008-10-03 | CVE-2008-2476 | Improper Input Validation vulnerability in multiple products The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). | 9.3 |