NetBSD SHA2实现存在缓冲区溢出漏洞

Bugraq ID: 35853 NetBSD是一款基于BSD的操作系统。 NetBSD SHA2实现存在边界错误，本地攻击者可以利用漏洞触发缓冲区溢出，可能以应用程序权限执行任意指令。 程序使用sys/sha2.h中的SHA2实现，链接libcrypto库可被4或者8个字节的固定内容溢出。溢出发生于HASH INIT函数调用过程中如SHA256Init，init函数传递错误的上下文大小作为memset参数，可在之后的拷贝过程中覆盖缓冲区之后的4 字节内容。 NetBSD NetBSD 4.0.2 NetBSD NetBSD 4.0.1 NetBSD NetBSD 5.0 NetBSD...

CVE-2009-2482

The pamunix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group...

CVE-2009-2482

The pamunix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 before 5.0.1 allows local users to change the current root password if it is already known, even when they are not in the wheel group...

CVE-2009-2483

libprop/propobject.c in proplib in NetBSD 4.0 and 4.0.1 allows local users to cause a denial of service NULL pointer dereference and kernel panic via a malformed externalized plist XML form containing an undefined element...

CVE-2009-2483

The CVE-2009-2483 entry affects NetBSD 4.0 and 4.0.1 via libprop/prop_object.c in proplib. A local attacker can trigger a denial of service by supplying a malformed externalized plist (XML form) containing an undefined element, causing a NULL pointer dereference and kernel panic. The connected do...

CVE-2008-4247

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI...

Denial of service

The mldinput function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service divide-by-zero error and panic via a malformed ICMPv6 Multicast Listener Discovery MLD query with a certain Maximum Response Del...

CVE-2008-2464

The mldinput function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service divide-by-zero error and panic via a malformed ICMPv6 Multicast Listener Discovery MLD query with a certain Maximum Response Del...

NetBSD PPPoE发现脚本远程拒绝服务漏洞

BUGTRAQ ID:30838 CNCAN ID：CNCAN-2008082706 NetBSD是一款基于BSD的操作系统。 NetBSD包含的pppoe4代码处理恶意报文存在问题，远程攻击者可以利用漏洞触发内核访问越界内容而导致内核崩溃，造成拒绝服务攻击。 在客户端和访问集中器之间的会话连接之前，处理PPPoE连接的早期状态的关键代码存在问题。在"discovery"阶段的报文由多个可变长度"tags"装载同一个PPPoE报文中，每个标签将被检查，而且针对全部报文大小的长度进行了验证。不过在长度检查过程中存在一个缺陷，允许把下一个TAG的指针越界移动到报文后最多4字节的位置。...

多个BSD平台'strfmon()'函数整数溢出漏洞

BUGTRAQ ID: 28479 CVE ID:CVE-2008-1391 CNCVE ID:CNCVE-20081391 多个BSD平台'strfmon'函数处理存在整数溢出，可能以受影响应用程序上下文执行任意代码。失败的尝试可导致拒绝服务。 问题代码类似如下： include monetary.h ssizet strfmonchar restrict s, sizet maxsize, const char restrict format, ...; - --- 1. /usr/src/lib/libc/stdlib/strfmon.c -整数溢出...