netbsd current software vulnerabilities

Searching netbsd current software vulnerabilities

Format string vulnerabilities in eeprom program

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.

book.cgi in NetCode NC Book 0.2b allows remote

book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.

The Microsoft Java implementation, as used in I

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.

Multiple buffer overflows in NetBSD kernel may

Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.

The systrace_exit function in the systrace util

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

imake in NetBSD before 2.0.3, NetBSD-current be

before | NetBSD | imake |

imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.

NetBSD 2.0 before 20050316 and NetBSD-current b

before | NetBSD |

NetBSD 2.0 before Wednesday, March 16, 2005 and NetBSD-current before Wednesday, January 12, 2005 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0.

Integer overflow in the FreeBSD compatibility c

Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before Tuesday, September 13, 2005; and NetBSD-1.6 before Wednesday, September 14, 2005; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.

The kernel in NetBSD-current before September 2

NetBSD-current | September | before | kernel |

The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference.

Integer signedness error in the fw_ioctl (FW_IO

signedness | fw_ioctl | Integer | error |

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before Wednesday, November 15, 2006, NetBSD-current before Thursday, November 16, 2006, NetBSD-4 before Sunday, December 03, 2006, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

The NetBSD-current kernel before 20061028 does

NetBSD-current | before | kernel |

The NetBSD-current kernel before Saturday, October 28, 2006 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.

Buffer overflow in the glob implementation (glo

implementation | overflow | Buffer | glob |

Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before Wednesday, September 14, 2005, NetBSD 2.* and 3.* before Sunday, December 03, 2006, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.

The accept function in NetBSD-current before 20

NetBSD-current | function | before | accept |

The accept function in NetBSD-current before Monday, October 23, 2006, NetBSD 3.0 and 3.0.1 before Tuesday, October 24, 2006, and NetBSD 2.x before Sunday, October 29, 2006 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").

The sendmsg function in NetBSD-current before 2

NetBSD-current | function | sendmsg | before |

The sendmsg function in NetBSD-current before Monday, October 23, 2006, NetBSD 3.0 and 3.0.1 before Tuesday, October 24, 2006, and NetBSD 2.x before Sunday, October 29, 2006, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function.

The procfs implementation in NetBSD-current bef

NetBSD-current | implementation | before | procfs |

The procfs implementation in NetBSD-current before Monday, October 23, 2006, NetBSD 3.0 and 3.0.1 before Tuesday, October 24, 2006, and NetBSD 2.x before Sunday, October 29, 2006 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference.

Unspecified vulnerability in ptrace in NetBSD-c

Unspecified vulnerability in ptrace in NetBSD-current before Friday, October 27, 2006, NetBSD 3.0 and 3.0.1 before Friday, October 27, 2006, and NetBSD 2.x before Sunday, November 19, 2006 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak.

The if_clone_list function in NetBSD-current be

NetBSD-current | if_clone_list | function | before |

The if_clone_list function in NetBSD-current before Friday, October 27, 2006, NetBSD 3.0 and 3.0.1 before Friday, October 27, 2006, and NetBSD 2.x before Sunday, November 19, 2006 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.

Integer overflow in the ktruser function in Net

Integer overflow in the ktruser function in NetBSD-current before Sunday, October 22, 2006, NetBSD 3 aand 3-0 before Tuesday, October 24, 2006, and NetBSD 2 before Friday, February 09, 2007, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.

Multiple buffer overflows in the ISO network pr

Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before Thursday, March 29, 2007, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function.

The display driver allocattr functions in NetBS

The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before Saturday, July 28, 2007, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.

Software vulnerabilities results 1 to 20 of 104

Page: 12 3 4 5 6 ►

netbsd current software vulnerabilities

vulnerabilities.aspcode.net

Searching netbsd current software vulnerabilities