Vulnerabilities > Freebsd
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-1669 | Unspecified vulnerability in Freebsd 4.2/4.3/4.4 pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. | 2.1 |
2002-12-31 | CVE-2002-1667 | Denial-Of-Service vulnerability in Freebsd 4.5 The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags. | 2.1 |
2002-11-29 | CVE-2002-1221 | Denial Of Service vulnerability in ISC BIND 8 Invalid Expiry Time BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | 5.0 |
2002-11-29 | CVE-2002-1220 | Denial of Service vulnerability in ISC BIND OPT Record Large UDP BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. | 5.0 |
2002-11-29 | CVE-2002-1219 | Buffer Overflow vulnerability in ISC BIND SIG Cached Resource Record Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). | 7.5 |
2002-11-04 | CVE-2002-0666 | Denial of Service vulnerability in Multiple Vendor IPSec Implementation IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. | 5.0 |
2002-09-24 | CVE-2002-1125 | Unspecified vulnerability in Freebsd FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory. | 2.1 |
2002-09-24 | CVE-2002-0973 | Buffer Overflow vulnerability in FreeBSD System Call Signed Integer Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | 4.6 |
2002-08-12 | CVE-2002-0831 | Denial Of Service vulnerability in FreeBSD kqueue Kernel Panic The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. | 2.1 |
2002-08-12 | CVE-2002-0830 | Denial Of Service vulnerability in Multiple Vendor BSD NFS Zero-Length RPC Message Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. | 5.0 |