Openbsd Security Vulnerabilities
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
9.2AI Score
0.004EPSS
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
7AI Score
0.002EPSS
7AI Score
0.04EPSS
6.9AI Score
0.038EPSS
7AI Score
0.001EPSS
7.2AI Score
0.001EPSS
7AI Score
0.002EPSS
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
6.7AI Score
0.0004EPSS
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
6.9AI Score
0.001EPSS
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
7.3AI Score
0.0004EPSS
6.7AI Score
0.012EPSS
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
6.6AI Score
0.0004EPSS
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
6.6AI Score
0.0004EPSS
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
6.9AI Score
0.003EPSS
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
7AI Score
0.0004EPSS
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
6.6AI Score
0.0004EPSS
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
7.1AI Score
0.001EPSS
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
8.2AI Score
0.009EPSS
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
7.8AI Score
0.092EPSS
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
7AI Score
0.012EPSS
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
7AI Score
0.008EPSS
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
6.9AI Score
0.0004EPSS
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
7AI Score
0.0004EPSS
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.
7.2AI Score
0.001EPSS
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
7.1AI Score
0.001EPSS
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
7.3AI Score
0.001EPSS
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
7.5AI Score
0.001EPSS
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
7.6AI Score
0.005EPSS
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
6.5AI Score
0.001EPSS
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
7.4AI Score
0.026EPSS
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
7.7AI Score
0.019EPSS
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target t...
7AI Score
0.001EPSS
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
8.5AI Score
0.005EPSS
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
6.3AI Score
0.0004EPSS
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
6.9AI Score
0.026EPSS
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
7.4AI Score
0.009EPSS
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
7.8AI Score
0.199EPSS
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor t...
6.6AI Score
0.0004EPSS
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories...
6.8AI Score
0.001EPSS
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network tra...
7.1AI Score
0.012EPSS
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
6.8AI Score
0.0004EPSS
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
5.5CVSS
6.5AI Score
0.001EPSS
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
7.1AI Score
0.002EPSS
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
9.8CVSS
9.9AI Score
0.85EPSS
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
6.9AI Score
0.004EPSS
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
7AI Score
0.003EPSS
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
7AI Score
0.0004EPSS
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
7.2AI Score
0.007EPSS
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to ...
6AI Score
0.0004EPSS
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
6.5AI Score
0.001EPSS