This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Netbsd First view 2001-07-07
Product Netbsd Last view 2020-02-20
Version 1.5.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:netbsd:netbsd

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-02-20 CVE-2012-5365

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

7.5 2020-02-20 CVE-2012-5363

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.

9.8 2017-06-19 CVE-2017-1000378

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.

9.8 2017-06-19 CVE-2017-1000375

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.

9.8 2017-06-19 CVE-2017-1000374

A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.

7.2 2012-06-12 CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

3.3 2011-05-23 CVE-2011-1920

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.

4.9 2010-09-29 CVE-2010-2530

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.

4.6 2009-09-18 CVE-2009-2793

The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

2.6 2006-10-10 CVE-2006-5215

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.

2.1 2004-12-16 CVE-2004-1323

Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.

5 2004-08-18 CVE-2004-0230

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

7.5 2003-10-20 CVE-2003-0730

Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.

10 2003-10-06 CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

7.5 2003-10-06 CVE-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

5 2003-08-27 CVE-2003-0653

The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.

10 2003-08-27 CVE-2003-0466

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

4.6 2003-04-22 CVE-2002-1476

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.

7.2 2003-04-02 CVE-2002-1500

Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().

2.1 2003-04-02 CVE-2002-1490

NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.

4.6 2003-03-31 CVE-2002-1543

Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input.

4.6 2003-03-18 CVE-2003-0102

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

10 2003-03-07 CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

5 2003-01-17 CVE-2003-0001

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.

CWE : Common Weakness Enumeration

%idName
30% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
20% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (1) CWE-264 Permissions, Privileges, and Access Controls
10% (1) CWE-200 Information Exposure
10% (1) CWE-189 Numeric Errors
10% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
10% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-25 Forced Deadlock
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-67 String Format Overflow in syslog()
CAPEC-92 Forced Integer Overflow
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
74934 KAME IPSEC Implementations Spoofed ESP Packet DoS
73859 pmake Make Include Files /tmp/_depend* Temporary File Symlink Arbitrary File ...
68291 NetBSD Kernel netsmb Module smb_subr.c /dev/nsmb IOCTL Operation Integer Sign...
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59910 SuSE Linux tip acculog File Lock Local DoS
59909 Multiple BSD tip acculog File Lock Local DoS
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58198 NetBSD x86 IRET Instruction Pre-Commit Failure Local Privilege Escalation
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
29579 Multiple Vendor X Display Manager Xsession Script Symlink Arbitrary File Over...
20409 NetBSD compat Translation Function Local DoS
19475 Multiple BSD exec Race Condition Process Debugger Privilege Escalation
13619 SCO UnixWare / OpenServer TCP RST Injection DoS
10385 Multiple TCP Implementation Mismatched MSS DoS
10249 XFree Font Libraries Multiple Unspecified Local Overflows
9305 Sendmail Consortium smrsh Special Character Restriction Bypass
7570 NetBSD trek Keyboard Input Overflow

ExploitDB Exploits

id Description
26076 Cisco ASA < 8.4.4.6|8.2.5.32 Ethernet Information Leak
22131 Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Paddin...
3555 Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
File : nvt/gb_suse_2012_0886_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
File : nvt/deb_2508_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
File : nvt/deb_2501_1.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0721 centos5
File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0721-01
File : nvt/gb_RHSA-2012_0721-01_kernel.nasl
2012-06-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
File : nvt/secpod_ms12-042.nasl
2012-03-01 Name : TCP Sequence Number Approximation Reset Denial of Service Vulnerability
File : nvt/secpod_tcp_sequence_approx_dos_vuln.nasl
2011-11-21 Name : Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerab...
File : nvt/secpod_ms_windows_ip_validation_code_exec_vuln.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0136 Multiple Vulnerabilities in Juniper Network Management Products
Severity: Category I - VMSKEY: V0033662

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 RCPT TO overflow
RuleID : 654-community - Type : SERVER-MAIL - Revision : 28
2014-01-10 RCPT TO overflow
RuleID : 654 - Type : SERVER-MAIL - Revision : 28
2014-01-10 BGP spoofed connection reset attempt
RuleID : 2523-community - Type : SERVER-OTHER - Revision : 15
2014-01-10 BGP spoofed connection reset attempt
RuleID : 2523 - Type : SERVER-OTHER - Revision : 15
2014-01-10 RETR overflow attempt
RuleID : 2392-community - Type : PROTOCOL-FTP - Revision : 22
2014-01-10 RETR overflow attempt
RuleID : 2392 - Type : PROTOCOL-FTP - Revision : 22
2014-01-10 APPE overflow attempt
RuleID : 2391-community - Type : PROTOCOL-FTP - Revision : 17
2014-01-10 APPE overflow attempt
RuleID : 2391 - Type : PROTOCOL-FTP - Revision : 17
2014-01-10 STOU overflow attempt
RuleID : 2390-community - Type : PROTOCOL-FTP - Revision : 12
2014-01-10 STOU overflow attempt
RuleID : 2390 - Type : PROTOCOL-FTP - Revision : 12
2014-01-10 RNTO overflow attempt
RuleID : 2389-community - Type : PROTOCOL-FTP - Revision : 21
2014-01-10 RNTO overflow attempt
RuleID : 2389 - Type : PROTOCOL-FTP - Revision : 21
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270-community - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too long addresses overflow
RuleID : 2270 - Type : SERVER-MAIL - Revision : 18
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail RCPT TO prescan too many addresses overflow
RuleID : 2269 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267-community - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail MAIL FROM prescan too many addresses overflow
RuleID : 2267 - Type : SERVER-MAIL - Revision : 15
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265-community - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SOML FROM prescan too many addresses overflow
RuleID : 2265 - Type : SERVER-MAIL - Revision : 14
2014-01-10 Sendmail SAML FROM prescan too many addresses overflow
RuleID : 2263-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SAML FROM prescan too many addresses overflow
RuleID : 2263 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too many addresses overflow
RuleID : 2261-community - Type : SERVER-MAIL - Revision : 16
2014-01-10 Sendmail SEND FROM prescan too many addresses overflow
RuleID : 2261 - Type : SERVER-MAIL - Revision : 16
2014-01-10 VRFY overflow attempt
RuleID : 2260-community - Type : SERVER-MAIL - Revision : 17

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-02-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0494-1.nasl - Type: ACT_GATHER_INFO
2017-02-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0437-1.nasl - Type: ACT_GATHER_INFO
2017-01-31 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-0333-1.nasl - Type: ACT_GATHER_INFO
2017-01-20 Name: The remote device is affected by a memory disclosure vulnerability.
File: juniper_jsa10773.nasl - Type: ACT_GATHER_INFO
2016-08-12 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_729c4a9f600711e6a6c314dae9d210b8.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU11_1_11_4_0.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU11_1_15_4_0.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0020.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0021.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0022.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU oct2012.
File: solaris_oct2012_SRU10_5.nasl - Type: ACT_GATHER_INFO
2014-07-15 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10638.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-403.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-404.nasl - Type: ACT_GATHER_INFO
2013-11-22 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-271.nasl - Type: ACT_GATHER_INFO
2013-10-29 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201310-17.nasl - Type: ACT_GATHER_INFO
2013-09-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201309-24.nasl - Type: ACT_GATHER_INFO
2013-09-15 Name: The remote host is missing Sun Security Patch number 125907-02
File: solaris10_x86_125907.nasl - Type: ACT_GATHER_INFO
2013-09-13 Name: The remote host is affected by multiple vulnerabilities.
File: juniper_nsm_2012_1.nasl - Type: ACT_GATHER_INFO
2013-07-16 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10579.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0721-1.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0721.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_xen-201206-120606.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0720.nasl - Type: ACT_GATHER_INFO