Vulnerabilities > Freebsd > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-14 | CVE-2007-3644 | Remote vulnerability in Freebsd Libarchive 2.2.3 archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. network freebsd | 4.3 |
| 2007-01-17 | CVE-2007-0267 | Resource Management Errors vulnerability in multiple products The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. | 6.6 |
| 2007-01-11 | CVE-2007-0166 | Local Symbolic Link vulnerability in FreeBSD Jail RC.D The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. local freebsd | 6.6 |
| 2006-11-09 | CVE-2006-5824 | Denial-Of-Service vulnerability in Freebsd 6.1 Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. | 4.9 |
| 2006-11-09 | CVE-2006-5680 | Remote Denial Of Service vulnerability in Freebsd 6 The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data. | 5.0 |
| 2006-11-03 | CVE-2006-5679 | Numeric Errors vulnerability in Freebsd 6.1 Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. | 4.6 |
| 2006-10-26 | CVE-2006-5550 | Local Denial of Service vulnerability in FreeBSD Crypto The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. | 4.9 |
| 2006-10-12 | CVE-2006-4516 | Local Denial of Service vulnerability in Freebsd 6.0 Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call. | 4.9 |
| 2006-09-26 | CVE-2006-4178 | Local Denial of Service vulnerability in FreeBSD I386_Set_LDT() Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. | 4.9 |
| 2006-06-02 | CVE-2006-2655 | Unspecified vulnerability in Freebsd The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | 6.4 |