Vulnerabilities > Freebsd

DATE CVE VULNERABILITY TITLE RISK
2008-09-25 CVE-2008-4247 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
network
low complexity
freebsd netbsd openbsd CWE-352
7.5
2008-09-05 CVE-2008-3890 Permissions, Privileges, and Access Controls vulnerability in Freebsd 6.3/7.0
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.
local
low complexity
freebsd amd CWE-264
7.2
2008-09-05 CVE-2008-3531 Buffer Errors vulnerability in Freebsd 7.0/7.1
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."
6.9
2008-09-05 CVE-2008-3530 Improper Input Validation vulnerability in Freebsd 6.3/7.0/7.1
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.
network
freebsd CWE-20
7.1
2008-06-24 CVE-2008-2427 Buffer Errors vulnerability in Pagesperso-Orange GFL Sdk, Nconvert and Xnview
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
9.3
2008-03-27 CVE-2008-1391 Numeric Errors vulnerability in multiple products
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
network
low complexity
freebsd netbsd CWE-189
7.5
2008-03-09 CVE-2008-1215 Permissions, Privileges, and Access Controls vulnerability in multiple products
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
local
low complexity
freebsd netbsd openbsd CWE-264
4.6
2008-03-04 CVE-2008-1148 A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. 6.8
2008-03-04 CVE-2008-1146 A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. 6.8
2008-02-15 CVE-2008-0777 Permissions, Privileges, and Access Controls vulnerability in Freebsd
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
local
low complexity
freebsd CWE-264
4.9