The open() function in FreeBSD allows local attackers to write to arbitrary files.
Max CVSS
2.1
EPSS Score
0.06%
Published
1997-10-29
Updated
2008-09-09
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
Max CVSS
2.1
EPSS Score
0.04%
Published
1998-11-18
Updated
2016-10-18
FreeBSD gdc program allows local users to modify files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-01
Updated
2008-09-09
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-09-22
Updated
2008-09-09
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
Max CVSS
2.1
EPSS Score
0.04%
Published
1997-09-15
Updated
2017-10-10
Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands.
Max CVSS
2.1
EPSS Score
0.04%
Published
1996-05-17
Updated
2008-09-10
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
Max CVSS
2.1
EPSS Score
0.04%
Published
1997-05-17
Updated
2018-10-30
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
Max CVSS
2.1
EPSS Score
0.06%
Published
1999-09-02
Updated
2008-09-05
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Max CVSS
2.1
EPSS Score
0.05%
Published
1996-07-16
Updated
2017-10-19
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
Max CVSS
2.1
EPSS Score
0.06%
Published
2001-03-12
Updated
2008-09-10
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-05-29
Updated
2008-09-10
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
Max CVSS
2.1
EPSS Score
0.07%
Published
1999-09-05
Updated
2017-10-10
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-10-20
Updated
2017-10-10
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-02-12
Updated
2017-10-10
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
Max CVSS
2.1
EPSS Score
0.05%
Published
2001-06-02
Updated
2017-10-10
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-09-20
Updated
2017-10-10
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
Max CVSS
2.1
EPSS Score
0.06%
Published
2002-07-23
Updated
2016-10-18
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-05
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-08-12
Updated
2016-10-18
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-09-24
Updated
2016-10-18
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-07-11
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-07-11
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
Max CVSS
2.1
EPSS Score
0.06%
Published
2004-05-04
Updated
2017-07-11
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-06
Updated
2017-07-11
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-06
Updated
2017-07-11
40 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!