4 matches found
Design/Logic Flaw
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values...
CVE-2006-4178
Integer signedness error in the i386setldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service crash via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a...
CVE-2006-4172
Integer overflow vulnerability in the i386setldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178...
CVE-2006-4178
CVE-2006-4178 is a local denial-of-service vulnerability in FreeBSD’s i386_set_ldt implementation. The issue arises from signedness in the i386_ldt handling: user-controlled start and num are added into a signed i, and if i becomes negative, bzero is invoked with a very large length, allowing a k...