Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
Max CVSS
3.7
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-12-19
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
Max CVSS
3.7
EPSS Score
0.13%
Published
2005-05-02
Updated
2017-10-11
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.
Max CVSS
3.7
EPSS Score
0.04%
Published
2013-09-23
Updated
2013-10-24
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
Max CVSS
3.6
EPSS Score
0.06%
Published
1999-08-03
Updated
2008-09-09
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
Max CVSS
3.6
EPSS Score
0.06%
Published
2003-12-31
Updated
2018-10-19
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
Max CVSS
3.6
EPSS Score
0.04%
Published
2004-08-18
Updated
2017-07-11
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.
Max CVSS
3.6
EPSS Score
0.04%
Published
2005-01-10
Updated
2017-07-11
FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU.
Max CVSS
3.6
EPSS Score
0.04%
Published
2009-06-25
Updated
2017-08-17
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.
Max CVSS
3.3
EPSS Score
0.04%
Published
2010-05-28
Updated
2010-06-01
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.
Max CVSS
3.3
EPSS Score
0.05%
Published
2017-11-16
Updated
2017-12-02
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.
Max CVSS
3.3
EPSS Score
0.05%
Published
2017-11-16
Updated
2017-12-02
In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-02-18
Updated
2020-03-04
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!