Searching netbsd software vulnerabilities

Format string vulnerabilities in eeprom program

vulnerabilities | privileges | operating | attackers | possibly | OpenBSD | systems | program | allows | string | Format | NetBSD | eeprom | other | local | root | gain |

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.


The (1) dump and (2) dump_lfs commands in NetBS


The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.


Multiple buffer overflows in rogue on NetBSD 1.

privileges | malformed | operating | overflows | possibly | Multiple | systems | "games" | entries | earlier | FreeBSD | allows | NetBSD | buffer | users | rogue | local | other | group | save | game | gain | file | via |

Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain "games" group privileges via malformed entries in a game save file.


Buffer overflow in talkd on NetBSD 1.6 and earl

arbitrary | attackers | operating | possibly | overflow | message | inbound | execute | systems | earlier | NetBSD | Buffer | remote | other | talkd | allow | long | code | may | via |

Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.


Race condition in exec in OpenBSD 4.0 and earli

condition | OpenBSD | earlier | NetBSD | Race | exec |

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.


Multiple buffer overflows in NetBSD kernel may

privileges | arbitrary | overflows | Multiple | execute | buffer | NetBSD | kernel | users | allow | local | gain | code | may |

Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.


imake in NetBSD before 2.0.3, NetBSD-current be

before | NetBSD | imake |

imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.


NetBSD 2.0 before 20050316 and NetBSD-current b

before | NetBSD |

NetBSD 2.0 before Wednesday, March 16, 2005 and NetBSD-current before Wednesday, January 12, 2005 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0.


verifiedexecioctl in verified_exec.c in NetBSD

verifiedexecioctl | verified_execc | NetBSD |

verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.


kernfs_xread in kernfs_vnops.c in NetBSD before

kernfs_vnopsc | kernfs_xread | before | NetBSD |

kernfs_xread in kernfs_vnops.c in NetBSD before Wednesday, August 31, 2005 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.


NetBSD 1.6 up to 3.0, when a user has "set reco

default | record" | creates | record | mailrc | NetBSD | umask | user | "set | file | has | set |

NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file.


Buffer overflow in the glob implementation (glo

implementation | overflow | Buffer | glob |

Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before Wednesday, September 14, 2005, NetBSD 2.* and 3.* before Sunday, December 03, 2006, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.


The accept function in NetBSD-current before 20

NetBSD-current | function | before | accept |

The accept function in NetBSD-current before Monday, October 23, 2006, NetBSD 3.0 and 3.0.1 before Tuesday, October 24, 2006, and NetBSD 2.x before Sunday, October 29, 2006 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").


The sendmsg function in NetBSD-current before 2

NetBSD-current | function | sendmsg | before |

The sendmsg function in NetBSD-current before Monday, October 23, 2006, NetBSD 3.0 and 3.0.1 before Tuesday, October 24, 2006, and NetBSD 2.x before Sunday, October 29, 2006, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function.


The procfs implementation in NetBSD-current bef

NetBSD-current | implementation | before | procfs |

The procfs implementation in NetBSD-current before Monday, October 23, 2006, NetBSD 3.0 and 3.0.1 before Tuesday, October 24, 2006, and NetBSD 2.x before Sunday, October 29, 2006 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference.


Unspecified vulnerability in ptrace in NetBSD-c

NetBSD-current | vulnerability | Unspecified | before | ptrace |

Unspecified vulnerability in ptrace in NetBSD-current before Friday, October 27, 2006, NetBSD 3.0 and 3.0.1 before Friday, October 27, 2006, and NetBSD 2.x before Sunday, November 19, 2006 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak.


The if_clone_list function in NetBSD-current be

NetBSD-current | if_clone_list | function | before |

The if_clone_list function in NetBSD-current before Friday, October 27, 2006, NetBSD 3.0 and 3.0.1 before Friday, October 27, 2006, and NetBSD 2.x before Sunday, November 19, 2006 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.


Integer overflow in the ktruser function in Net

NetBSD-current | function | overflow | Integer | ktruser | before |

Integer overflow in the ktruser function in NetBSD-current before Sunday, October 22, 2006, NetBSD 3 aand 3-0 before Tuesday, October 24, 2006, and NetBSD 2 before Friday, February 09, 2007, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.


Multiple buffer overflows in the ISO network pr

NetBSD-current | overflows | protocol | 40_BETA2 | Multiple | through | support | network | before | buffer | kernel | NetBSD | ISO |

Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before Thursday, March 29, 2007, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function.


The display driver allocattr functions in NetBS

NetBSD-current | functions | allocattr | 40_BETA2 | through | display | before | driver | NetBSD |

The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before Saturday, July 28, 2007, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.


Software vulnerabilities results 1 to 20 of 53     
Page: 123