This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Openbsd First view 1997-08-24
Product Openbsd Last view 2020-07-28
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:openbsd:openbsd

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2020-07-28 CVE-2020-16088

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

7.8 2019-12-12 CVE-2019-19726

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

7.5 2019-08-26 CVE-2019-8460

OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.

6.5 2017-06-19 CVE-2017-1000373

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

9.8 2017-06-19 CVE-2017-1000372

A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.

9.3 2011-08-19 CVE-2011-2895

The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

5 2011-05-24 CVE-2011-2168

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.

7.2 2011-05-09 CVE-2011-1013

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.

4.9 2009-03-09 CVE-2009-0537

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

5 2007-01-17 CVE-2007-0343

OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.

6.6 2006-12-26 CVE-2006-6730

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.

4.4 2006-12-07 CVE-2006-6397

** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.

4.3 2005-12-31 CVE-2005-4351

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.

10 2004-08-06 CVE-2004-0492

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

10 2004-08-06 CVE-2004-0418

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

5 2004-08-06 CVE-2004-0417

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

10 2004-08-06 CVE-2004-0416

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

10 2004-08-06 CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

5 2004-05-04 CVE-2004-0222

Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite.

5 2004-05-04 CVE-2004-0221

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.

10 2004-05-04 CVE-2004-0220

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.

5 2004-05-04 CVE-2004-0219

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

5 2004-05-04 CVE-2004-0218

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.

4.6 2004-03-03 CVE-2004-0114

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

CWE : Common Weakness Enumeration

%idName
30% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (2) CWE-189 Numeric Errors
10% (1) CWE-787 Out-of-bounds Write
10% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
10% (1) CWE-287 Improper Authentication
10% (1) CWE-269 Improper Privilege Management
10% (1) CWE-16 Configuration

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
74927 X.Org libXfont src/fontfile/decompress.c BufCompressedFill() Function LZW Dec...
74379 OpenBSD libc glob GLOB_APPEND / GLOB_DOOFFS Flags Crafted String Multiple Ove...
73291 OpenBSD Kernel DRM Subsystem sys/dev/pci/drm/drm_irq.c drm_modeset_ctl Functi...
73290 Linux Kernel DRM Subsystem drivers/gpu/drm/drm_irq.c drm_modeset_ctl Function...
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
55345 Microsoft libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directo...
52463 OpenBSD libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directory...
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
40805 Multiple BSD X.Org /dev/xf86 device Local securelevel Reduction
32935 OpenBSD Crafted IPv6 ICMP Echo Request DoS
31954 Multiple BSD banner Local Overflow
22397 Multiple Vendor Securelevels Immutable Flag Bypass
8751 Multiple Vendor rpc.mountd File Existence Information Disclosure
7557 OpenBSD TSS Handling Kernel DoS
6839 Apache HTTP Server mod_proxy Content-Length Overflow
6836 CVS CVSROOT Configuration File Empty Line Underflow

ExploitDB Exploits

id Description
8163 Multiple Vendors libc:fts_*() - Local Denial of Service Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-30 Name : CentOS Update for freetype CESA-2011:1161 centos4 x86_64
File : nvt/gb_CESA-2011_1161_freetype_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 x86_64
File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for libXfont CESA-2011:1154 centos5 x86_64
File : nvt/gb_CESA-2011_1154_libXfont_centos5_x86_64.nasl
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0498-01
File : nvt/gb_RHSA-2011_0498-01_kernel.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-02-12 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD14.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-11-08 Name : Mandriva Update for gimp MDVSA-2011:167 (gimp)
File : nvt/gb_mandriva_MDVSA_2011_167.nasl
2011-10-21 Name : Mandriva Update for libxfont MDVSA-2011:153 (libxfont)
File : nvt/gb_mandriva_MDVSA_2011_153.nasl
2011-10-16 Name : FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc)
File : nvt/freebsdsa_compress.nasl
2011-10-14 Name : Mandriva Update for cups MDVSA-2011:146 (cups)
File : nvt/gb_mandriva_MDVSA_2011_146.nasl
2011-09-23 Name : CentOS Update for libXfont CESA-2011:1154 centos5 i386
File : nvt/gb_CESA-2011_1154_libXfont_centos5_i386.nasl
2011-09-21 Name : Debian Security Advisory DSA 2293-1 (libxfont)
File : nvt/deb_2293_1.nasl
2011-09-21 Name : FreeBSD Ports: libXfont
File : nvt/freebsd_libXfont.nasl
2011-09-16 Name : Ubuntu Update for linux-ti-omap4 USN-1202-1
File : nvt/gb_ubuntu_USN_1202_1.nasl
2011-09-16 Name : Ubuntu Update for linux-fsl-imx51 USN-1204-1
File : nvt/gb_ubuntu_USN_1204_1.nasl
2011-08-19 Name : CentOS Update for freetype CESA-2011:1161 centos4 i386
File : nvt/gb_CESA-2011_1161_freetype_centos4_i386.nasl
2011-08-18 Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 i386
File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_i386.nasl
2011-08-18 Name : Ubuntu Update for libxfont USN-1191-1
File : nvt/gb_ubuntu_USN_1191_1.nasl
2011-08-18 Name : RedHat Update for freetype RHSA-2011:1161-01
File : nvt/gb_RHSA-2011_1161-01_freetype.nasl
2011-08-12 Name : Ubuntu Update for linux-lts-backport-maverick USN-1187-1
File : nvt/gb_ubuntu_USN_1187_1.nasl
2011-08-12 Name : RedHat Update for libXfont RHSA-2011:1154-01
File : nvt/gb_RHSA-2011_1154-01_libXfont.nasl
2011-08-12 Name : RedHat Update for xorg-x11 RHSA-2011:1155-01
File : nvt/gb_RHSA-2011_1155-01_xorg-x11.nasl
2011-07-18 Name : Ubuntu Update for linux-mvl-dove USN-1159-1
File : nvt/gb_ubuntu_USN_1159_1.nasl
2011-07-18 Name : Ubuntu Update for linux USN-1167-1
File : nvt/gb_ubuntu_USN_1167_1.nasl

Snort® IPS/IDS

Date Description
2019-08-06 OpenBSD ISAKMP denial of service attempt
RuleID : 50901-community - Type : SERVER-OTHER - Revision : 1
2019-09-05 OpenBSD ISAKMP denial of service attempt
RuleID : 50901 - Type : SERVER-OTHER - Revision : 1
2014-01-10 CVS Max-dotdot integer overflow attempt
RuleID : 2583-community - Type : SERVER-OTHER - Revision : 9
2014-01-10 CVS Max-dotdot integer overflow attempt
RuleID : 2583 - Type : SERVER-OTHER - Revision : 9
2014-01-10 server negative Content-Length attempt
RuleID : 2580-community - Type : SERVER-WEBAPP - Revision : 11
2014-01-10 server negative Content-Length attempt
RuleID : 2580 - Type : SERVER-WEBAPP - Revision : 11
2014-01-10 Microsoft Windows TCP stack zero window size exploit attempt
RuleID : 16294 - Type : OS-WINDOWS - Revision : 15
2014-01-10 CVS Argumentx command double free attempt
RuleID : 15971 - Type : SERVER-OTHER - Revision : 5
2014-01-10 TCP window closed before receiving data
RuleID : 15912 - Type : OS-WINDOWS - Revision : 10

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-10-03 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13.nasl - Type: ACT_GATHER_INFO
2016-10-13 Name: The remote device is affected by multiple vulnerabilities.
File: appletv_9_1.nasl - Type: ACT_GATHER_INFO
2015-12-11 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_SecUpd2015-008.nasl - Type: ACT_GATHER_INFO
2015-12-10 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_11_2.nasl - Type: ACT_GATHER_INFO
2015-03-27 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3964.nasl - Type: ACT_GATHER_INFO
2015-03-27 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3948.nasl - Type: ACT_GATHER_INFO
2015-03-23 Name: The remote Fedora host is missing a security update.
File: fedora_2015-3953.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_libpciaccess0-110905.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kernel-110726.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_kernel-110426.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_libpciaccess0-110905.nasl - Type: ACT_GATHER_INFO
2014-02-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201402-23.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1161.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1155.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-2015.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0498.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1154.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-1834.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110510_kernel_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110811_libXfont_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110811_xorg_x11_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110815_freetype_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-05-10 Name: The remote host is missing a Mac OS X update that fixes several security issues.
File: macosx_10_7_4.nasl - Type: ACT_GATHER_INFO
2012-02-02 Name: The remote host is missing a Mac OS X update that fixes several security vuln...
File: macosx_10_7_3.nasl - Type: ACT_GATHER_INFO