Vulnerabilities > Netbsd

DATE CVE VULNERABILITY TITLE RISK
2008-10-03 CVE-2008-2476 Improper Input Validation vulnerability in multiple products
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
9.3
2008-09-25 CVE-2008-4247 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
network
low complexity
freebsd netbsd openbsd CWE-352
7.5
2008-09-11 CVE-2008-3584 Improper Input Validation vulnerability in Netbsd 3.0/3.1/4.0
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.
network
netbsd CWE-20
critical
9.3
2008-03-27 CVE-2008-1391 Numeric Errors vulnerability in multiple products
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
network
low complexity
freebsd netbsd CWE-189
7.5
2008-03-13 CVE-2008-1335 Unspecified vulnerability in Netbsd and Netbsd Current
The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different endianness than the destination machine, a different vulnerability than CVE-2006-0905.
network
netbsd
critical
9.3
2008-03-09 CVE-2008-1215 Permissions, Privileges, and Access Controls vulnerability in multiple products
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters.
local
low complexity
freebsd netbsd openbsd CWE-264
4.6
2008-03-04 CVE-2008-1148 A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. 6.8
2008-03-04 CVE-2008-1146 A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. 6.8
2007-09-17 CVE-2007-3654 Improper Input Validation vulnerability in Netbsd
The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.
local
low complexity
netbsd CWE-20
2.1
2007-08-13 CVE-2007-4305 System Call Wrappers Concurrency vulnerability in Systrace
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
local
high complexity
netbsd openbsd sysjail systrace todd-miller
6.2