Openbsd: >> Openbsd Security Vulnerabilities
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
CVSS Score
7.5
EPSS Score
0.012
Published
2021-06-22
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
CVSS Score
5.3
EPSS Score
0.016
Published
2021-05-11
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-07-28
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
CVSS Score
7.5
EPSS Score
0.208
Published
2020-02-12
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
CVSS Score
7.8
EPSS Score
0.107
Published
2019-12-12
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
CVSS Score
7.4
EPSS Score
0.001
Published
2019-12-11
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-12-10
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-05
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
CVSS Score
7.8
EPSS Score
0.022
Published
2019-12-05
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
CVSS Score
9.8
EPSS Score
0.008
Published
2019-12-05