The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-05-23
Updated
2017-08-17
The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-09-17
Updated
2017-07-29
The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-12-20
Updated
2008-09-05
Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-12-20
Updated
2008-09-05
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-11-21
Updated
2018-10-17
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
Max CVSS
2.6
EPSS Score
0.04%
Published
2006-10-10
Updated
2018-10-30
The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-05-05
Updated
2013-09-05
Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface.
Max CVSS
2.6
EPSS Score
0.91%
Published
2006-04-19
Updated
2017-07-20
NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-04-18
Updated
2017-07-20
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-04-03
Updated
2017-07-20
NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-04-03
Updated
2017-07-20
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-31
Updated
2008-09-05
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.
Max CVSS
3.6
EPSS Score
0.04%
Published
2005-12-31
Updated
2008-09-05
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-31
Updated
2008-09-05
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-31
Updated
2018-10-19
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-07-05
Updated
2008-09-10
Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-16
Updated
2017-07-11
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
Max CVSS
3.7
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-12-19
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-04-02
Updated
2008-09-05
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-07-24
Updated
2017-10-10
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
Max CVSS
2.1
EPSS Score
0.07%
Published
1999-09-05
Updated
2017-10-10
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
Max CVSS
2.1
EPSS Score
0.05%
Published
2000-05-28
Updated
2008-09-10
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-05-29
Updated
2008-09-10
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-05-28
Updated
2008-09-10
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
Max CVSS
2.1
EPSS Score
0.04%
Published
1998-07-03
Updated
2016-10-18
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!