Openbsd

Openbsd

201 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.31%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:38

Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.

Exploit
  • EPSS 0.61%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:47

The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.

  • EPSS 0.32%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:48

OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.

  • EPSS 1.23%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:52

isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.

  • EPSS 0.28%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:00

syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.

  • EPSS 2.78%
  • Veröffentlicht 23.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:59:08

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

  • EPSS 12.32%
  • Veröffentlicht 29.11.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:57

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

  • EPSS 9.6%
  • Veröffentlicht 29.11.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:57

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

  • EPSS 7.57%
  • Veröffentlicht 29.11.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:57

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

  • EPSS 0.37%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:53:23

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.