The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
CVSS Score
7.2
EPSS Score
0.001
Published
2001-05-03
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
CVSS Score
5.0
EPSS Score
0.003
Published
2001-03-12
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
CVSS Score
5.0
EPSS Score
0.004
Published
2001-03-12
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2001-02-16
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.156
Published
2001-02-12
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
CVSS Score
7.2
EPSS Score
0.002
Published
2000-12-19
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2000-12-19
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
CVSS Score
7.5
EPSS Score
0.017
Published
2000-10-20
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
CVSS Score
7.5
EPSS Score
0.177
Published
2000-10-20
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
CVSS Score
2.1
EPSS Score
0.001
Published
2000-05-29