Openbsd Security Vulnerabilities

CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv...

CVE-2001-1047

Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor.....

CVE-2001-0378

readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history...

CVE-2001-0402

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted...

CVE-2001-0247

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and...

CVE-2001-0284

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4...

CVE-2001-0268

The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target.....

CVE-2000-0310

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented...

CVE-2000-0313

Vulnerability in OpenBSD 2.6 allows a local user to change interface media...

CVE-2001-0053

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root...

CVE-2000-0309

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of...

CVE-2000-0312

cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen...

CVE-2000-1010

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format...

CVE-2000-0993

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or...

CVE-2000-1004

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting...

CVE-2000-0995

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed...

CVE-2000-0996

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed...

CVE-2000-0914

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP...

CVE-2000-0962

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of...

CVE-2000-0994

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental...

CVE-2000-0997

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root...

CVE-2000-0750

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file...

CVE-2000-0751

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary...

CVE-2000-0489

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large...

CVE-2000-0092

The BSD make program allows local users to modify files via a symlink attack when the -j option is being...

CVE-1999-0727

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent...

CVE-1999-0001

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted...

CVE-1999-0724

Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir()...

CVE-1999-0703

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block...

CVE-1999-0674

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and...

CVE-1999-0485

Remote attackers can cause a system crash through ipintr() in ipq in...

CVE-1999-0482

OpenBSD kernel crash through TSS handling, as caused by the crashme...

CVE-1999-0481

Denial of service in "poll" in...

CVE-1999-0484

Buffer overflow in OpenBSD...

CVE-1999-0396

A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of...

CVE-1999-0483

OpenBSD crash using nlink value in FFS and EXT2FS...