Openbsd: >> Openbsd >> 3.2 Security Vulnerabilities
OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.
CVSS Score
5.0
EPSS Score
0.018
Published
2007-01-18
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.
CVSS Score
6.6
EPSS Score
0.0
Published
2006-12-26
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability
CVSS Score
4.4
EPSS Score
0.001
Published
2006-12-08
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
CVSS Score
4.3
EPSS Score
0.001
Published
2005-12-31
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
CVSS Score
5.0
EPSS Score
0.86
Published
2005-05-31
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.
CVSS Score
5.0
EPSS Score
0.009
Published
2005-01-13
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
CVSS Score
7.5
EPSS Score
0.004
Published
2004-12-31
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
CVSS Score
7.5
EPSS Score
0.012
Published
2004-12-31
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
CVSS Score
5.0
EPSS Score
0.02
Published
2004-11-23
The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-08-25