Freebsd: >> Freebsd >> 5.4 Security Vulnerabilities
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-04-20
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
CVSS Score
7.2
EPSS Score
0.001
Published
2006-03-23
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
CVSS Score
7.5
EPSS Score
0.012
Published
2006-03-23
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
CVSS Score
5.0
EPSS Score
0.018
Published
2006-03-07
Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop).
CVSS Score
5.0
EPSS Score
0.014
Published
2006-02-02
FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-01-25
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-01-25
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice.
CVSS Score
5.0
EPSS Score
0.051
Published
2006-01-25
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-01-11
The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-08-05