Freebsd

Freebsd

503 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7

CVE-2009-4358

  • EPSS 0.05%
  • Published 20.12.2009 02:30:00
  • Last modified 09.04.2025 00:30:58

freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) f...

7.2

CVE-2009-4147

Exploit
  • EPSS 12.58%
  • Published 02.12.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which...

7.2

CVE-2009-4146

Exploit
  • EPSS 18.17%
  • Published 02.12.2009 18:30:00
  • Last modified 09.04.2025 00:30:58

The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program wit...

6.9

CVE-2009-3527

Exploit
  • EPSS 0.07%
  • Published 06.10.2009 22:30:00
  • Last modified 09.04.2025 00:30:58

Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference o...

4.7

CVE-2009-2649

  • EPSS 0.09%
  • Published 30.07.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.

6.8

CVE-2009-0689

Exploit
  • EPSS 41.05%
  • Published 01.07.2009 13:00:01
  • Last modified 09.04.2025 00:30:58

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD...

3.6

CVE-2009-2208

  • EPSS 0.04%
  • Published 25.06.2009 02:00:00
  • Last modified 09.04.2025 00:30:58

FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIOCSIFINFO_IN6 IOCTL, which allows local users to modify or disable IPv6 network interfaces, as demonstrated by modifying the MTU.

4.9

CVE-2009-1935

Exploit
  • EPSS 0.07%
  • Published 18.06.2009 18:30:00
  • Last modified 09.04.2025 00:30:58

Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address...

4.9

CVE-2009-1436

Exploit
  • EPSS 0.19%
  • Published 27.04.2009 18:00:00
  • Last modified 09.04.2025 00:30:58

The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.

7.2

CVE-2009-1041

Exploit
  • EPSS 0.09%
  • Published 26.03.2009 05:51:47
  • Last modified 09.04.2025 00:30:58

The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.