Freebsd: >> Freebsd >> 4.1.1 Security Vulnerabilities
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
CVSS Score
9.8
EPSS Score
0.005
Published
2001-08-23
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVSS Score
10.0
EPSS Score
0.274
Published
2001-08-14
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-06-27
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
CVSS Score
10.0
EPSS Score
0.352
Published
2001-06-18
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
CVSS Score
6.2
EPSS Score
0.001
Published
2001-06-18
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-06-02
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
CVSS Score
5.0
EPSS Score
0.007
Published
2001-05-03
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.
CVSS Score
7.5
EPSS Score
0.089
Published
2001-03-26
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
CVSS Score
7.2
EPSS Score
0.0
Published
2001-02-12
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
CVSS Score
2.1
EPSS Score
0.001
Published
2001-02-12