Openbsd: >> Openbsd Security Vulnerabilities
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability
CVSS Score
4.4
EPSS Score
0.002
Published
2006-12-08
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
CVSS Score
7.2
EPSS Score
0.0
Published
2006-11-29
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
CVSS Score
4.9
EPSS Score
0.002
Published
2006-10-26
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
CVSS Score
4.6
EPSS Score
0.001
Published
2006-10-10
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
CVSS Score
4.9
EPSS Score
0.001
Published
2006-08-29
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.
CVSS Score
5.0
EPSS Score
0.007
Published
2006-08-29
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.
CVSS Score
10.0
EPSS Score
0.052
Published
2006-08-24
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.
CVSS Score
4.6
EPSS Score
0.001
Published
2006-01-06
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
CVSS Score
4.3
EPSS Score
0.001
Published
2005-12-31
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
CVSS Score
5.0
EPSS Score
0.815
Published
2005-05-31