FreeBSD
by FreeBSD
Source repositories
CVEs (510)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2019 | 0.00 | — | 0.01 | Jul 5, 2005 | ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during… | |||
| CVE-2005-1400 | 0.00 | — | 0.00 | May 6, 2005 | The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | |||
| CVE-2005-1399 | 0.00 | — | 0.00 | May 6, 2005 | FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | |||
| CVE-2005-1406 | 0.00 | — | 0.00 | May 6, 2005 | The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. | |||
| CVE-2005-0708 | 0.00 | — | 0.02 | May 2, 2005 | The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. | |||
| CVE-2005-0988 | 0.00 | — | 0.01 | May 2, 2005 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is… | |||
| CVE-2005-1126 | 0.00 | — | 0.00 | Apr 15, 2005 | The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. | |||
| CVE-2005-0610 | 0.00 | — | 0.00 | Apr 12, 2005 | Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a… | |||
| CVE-2004-1066 | 0.00 | — | 0.00 | Jan 10, 2005 | The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this… | |||
| CVE-2004-0919 | 0.00 | — | 0.00 | Dec 31, 2004 | The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates. | |||
| CVE-2004-0602 | 0.00 | — | 0.00 | Dec 6, 2004 | The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. | |||
| CVE-2004-0435 | 0.00 | — | 0.00 | Aug 18, 2004 | Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being… | |||
| CVE-2004-0125 | 0.00 | — | 0.00 | Aug 6, 2004 | The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. | |||
| CVE-2004-0370 | 0.00 | — | 0.00 | May 4, 2004 | The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic. | |||
| CVE-2004-0126 | 0.00 | — | 0.00 | Mar 29, 2004 | The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. | |||
| CVE-2004-0171 | 0.00 | — | 0.03 | Mar 15, 2004 | FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. | |||
| CVE-2004-0099 | 0.00 | — | 0.00 | Mar 3, 2004 | mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. | |||
| CVE-2004-0002 | 0.00 | — | 0.02 | Mar 3, 2004 | The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload,… | |||
| CVE-2003-1234 | 0.00 | — | 0.00 | Dec 31, 2003 | Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to… | |||
| CVE-2003-1230 | 0.00 | — | 0.01 | Dec 31, 2003 | The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic. |
- CVE-2005-2019Jul 5, 2005risk 0.00cvss —epss 0.01
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during…
- CVE-2005-1400May 6, 2005risk 0.00cvss —epss 0.00
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.
- CVE-2005-1399May 6, 2005risk 0.00cvss —epss 0.00
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.
- CVE-2005-1406May 6, 2005risk 0.00cvss —epss 0.00
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
- CVE-2005-0708May 2, 2005risk 0.00cvss —epss 0.02
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.
- CVE-2005-0988May 2, 2005risk 0.00cvss —epss 0.01
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is…
- CVE-2005-1126Apr 15, 2005risk 0.00cvss —epss 0.00
The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.
- CVE-2005-0610Apr 12, 2005risk 0.00cvss —epss 0.00
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a…
- CVE-2004-1066Jan 10, 2005risk 0.00cvss —epss 0.00
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this…
- CVE-2004-0919Dec 31, 2004risk 0.00cvss —epss 0.00
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.
- CVE-2004-0602Dec 6, 2004risk 0.00cvss —epss 0.00
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
- CVE-2004-0435Aug 18, 2004risk 0.00cvss —epss 0.00
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being…
- CVE-2004-0125Aug 6, 2004risk 0.00cvss —epss 0.00
The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.
- CVE-2004-0370May 4, 2004risk 0.00cvss —epss 0.00
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
- CVE-2004-0126Mar 29, 2004risk 0.00cvss —epss 0.00
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.
- CVE-2004-0171Mar 15, 2004risk 0.00cvss —epss 0.03
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
- CVE-2004-0099Mar 3, 2004risk 0.00cvss —epss 0.00
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
- CVE-2004-0002Mar 3, 2004risk 0.00cvss —epss 0.02
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload,…
- CVE-2003-1234Dec 31, 2003risk 0.00cvss —epss 0.00
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to…
- CVE-2003-1230Dec 31, 2003risk 0.00cvss —epss 0.01
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
Page 20 of 26