Vulnerabilities > Openbsd

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1366 Information Exposure vulnerability in Openbsd
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
3.3
2003-12-15 CVE-2003-0955 Local Malformed Binary Execution Denial of Service vulnerability in Openbsd 3.3/3.4
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.
local
low complexity
openbsd
4.6
2003-11-17 CVE-2003-0804 The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
network
low complexity
apple freebsd openbsd
5.0
2003-11-17 CVE-2003-0787 Unspecified vulnerability in Openbsd Openssh 3.7.1/3.7.1P1
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
network
low complexity
openbsd
7.5
2003-11-17 CVE-2003-0786 Unspecified vulnerability in Openbsd Openssh 3.7.1/3.7.1P1
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
network
low complexity
openbsd
critical
10.0
2003-10-20 CVE-2003-0688 The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
network
low complexity
redhat sendmail sgi compaq freebsd openbsd
5.0
2003-10-06 CVE-2003-0695 Unspecified vulnerability in Openbsd Openssh
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
network
low complexity
openbsd
7.5
2003-10-06 CVE-2003-0682 Remote Security vulnerability in OpenSSH
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
network
low complexity
openbsd
7.5
2003-10-06 CVE-2003-0681 Buffer Overflow vulnerability in Sendmail Ruleset Parsing
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
network
low complexity
sendmail apple gentoo hp ibm netbsd openbsd turbolinux
7.5
2003-09-22 CVE-2003-0693 Unspecified vulnerability in Openbsd Openssh
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
network
low complexity
openbsd
critical
10.0