| 8! | realpath() BSD and wu-ftpd / BSD FTP / SSH buffer overflow updated since 01.08.2003
|
 | | Off-by-one overflow in the fb_realpath() function when an oversized path is passed to a few FTP commands. |
| 6! | Multiple NetBSD security vulnerabilities
|
 | | RNG non-random stream generation, DoS conditions. |
| | NetBSD mail weak permissions
|
 | | The record file is created world-readable if "set record" is present in .mailrc. |
| | NetBSD if_bridge information leak
|
 | | An ioctl call exposes the content of uninitialized memory. |
| | BSD systems securelevel protection bypass updated since 09.01.2006
|
 | | By mounting a different filesystem it's possible to mask a file flagged 'immutable'. It's possible to roll back the system time by setting it to the maximum value. |
| 6! | Multiple NetBSD vulnerabilities
|
 | | Integer overflow in the FreeBSD compatibility subsystem, imake symbolic link problem, ptrace() privilege escalation. Known vulnerabilities in CVS, telnet, OpenSSL and ntpd are patched. |
| | NetBSD audio drivers ioctl DoS
|
 | | Division by zero during ioctl() processing for a few audio card types. |
| 6! | Multiple hardware platforms hyper threading technology systems information leak updated since 13.05.2005
|
 | | An unprivileged thread can read a privileged thread's data from CPU cache memory. |
| 6! | NetBSD compat subsystems privilege escalation
|
 | | Some emulated syscalls perform insufficient checks of their arguments. |
| | ISAKMPd/KAME/Racoon multiple bugs updated since 05.11.2003
|
 | | Multiple bugs in the implementation of RFC 2407-2409. |
| 6! | Heimdal ftpd/tnftpd/lukemftpd signal handling race conditions updated since 19.08.2004
|
 | | Problem with OOB data processing. |
| | NetBSD swapctl DoS |
| | | |
| 7! | TCP RST packets spoofing updated since 21.04.2004
|
 | | By sending a spoofed RST it's possible to terminate an established TCP connection. Unlike TCP hijacking attacks, there is no need for the exact TCP sequence number; the number can be any value within the negotiated TCP window, which significantly increases attack efficiency. In NetBSD the sequence number of an RST is not checked at all, which makes it possible to terminate a session with a single packet. |
| 7! | NetBSD systrace privilege escalation updated since 11.05.2004
|
 | | Because an error condition is handled incorrectly, it's possible to obtain superuser privileges. |
| | OpenSSL DoS
|
 | | NULL pointer and uninitialized memory reference during SSL/TLS handshake. |
| 6! | BSD smat privilege escalation
|
 | | It's possible to access an unallocated page of physical memory. |
| | Multiple NetBSD bugs
|
 | | DoS, kernel memory reading. |
| | NetBSD OSI protocol DoS
|
 | | Delivery error packet generation problem. |
| | NetBSD IPFilter FTP proxy protection bypass
|
 | | It's possible to set up a TCP port mapping to a client or server port behind the firewall. |
| | NetBSD IPSec DoS
|
 | | A short packet causes the system to halt. |
| 7! | pic buffer overflow
|
 | | Buffer overflow in pic; remotely exploitable if lpd is running. |
| 8! | Multiple bugs in NetBSD
|
 | | Multiple vulnerabilities in different utilities were fixed. |
| | |