Summary
Detail | | | |
---|---|---|---|
Vendor | Openbsd | First view | 1998-08-03 |
Product | Openbsd | Last view | 2020-07-28 |
Version | 2.3 | Type | Os |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:openbsd:openbsd | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
9.8 | 2020-07-28 | CVE-2020-16088 | iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. |
7.8 | 2019-12-12 | CVE-2019-19726 | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. |
7.5 | 2019-08-26 | CVE-2019-8460 | OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service. |
6.5 | 2017-06-19 | CVE-2017-1000373 | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions. |
9.8 | 2017-06-19 | CVE-2017-1000372 | A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. |
9.3 | 2011-08-19 | CVE-2011-2895 | The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. |
5 | 2011-05-24 | CVE-2011-2168 | Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. |
7.2 | 2011-05-09 | CVE-2011-1013 | Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. |
4.9 | 2009-03-09 | CVE-2009-0537 | Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise. |
7.1 | 2008-10-20 | CVE-2008-4609 | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. |
5 | 2007-01-17 | CVE-2007-0343 | OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets. |
4.3 | 2005-12-31 | CVE-2005-4351 | The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. |
5 | 2005-01-13 | CVE-2005-0740 | The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. |
5 | 2004-05-04 | CVE-2004-0222 | Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite. |
5 | 2004-05-04 | CVE-2004-0221 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite. |
10 | 2004-05-04 | CVE-2004-0220 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite. |
5 | 2004-05-04 | CVE-2004-0219 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. |
5 | 2004-05-04 | CVE-2004-0218 | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. |
4.6 | 2004-03-03 | CVE-2004-0114 | The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. |
3.3 | 2003-12-31 | CVE-2003-1366 | chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. |
10 | 2003-08-27 | CVE-2003-0466 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
7.2 | 2003-03-31 | CVE-2003-0144 | Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. |
7.5 | 2003-03-25 | CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
6.8 | 2002-12-31 | CVE-2002-2180 | The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error. |
3.7 | 2002-12-31 | CVE-2002-2092 | Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
16% (2) | CWE-189 | Numeric Errors |
16% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
8% (1) | CWE-787 | Out-of-bounds Write |
8% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
8% (1) | CWE-287 | Improper Authentication |
8% (1) | CWE-269 | Improper Privilege Management |
8% (1) | CWE-200 | Information Exposure |
8% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
8% (1) | CWE-20 | Improper Input Validation |
8% (1) | CWE-16 | Configuration |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-25 | Forced Deadlock |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74927 | X.Org libXfont src/fontfile/decompress.c BufCompressedFill() Function LZW Dec... |
74379 | OpenBSD libc glob GLOB_APPEND / GLOB_DOOFFS Flags Crafted String Multiple Ove... |
73291 | OpenBSD Kernel DRM Subsystem sys/dev/pci/drm/drm_irq.c drm_modeset_ctl Functi... |
73290 | Linux Kernel DRM Subsystem drivers/gpu/drm/drm_irq.c drm_modeset_ctl Function... |
62144 | F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St... |
61133 | Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC... |
60351 | OpenBSD chpass Temporary File Hardlink Arbitrary File Fragment Disclosure |
60108 | OpenBSD setitimer(2) System Call Local Privilege Escalation |
59910 | SuSE Linux tip acculog File Lock Local DoS |
59909 | Multiple BSD tip acculog File Lock Local DoS |
59482 | Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation... |
59341 | Multiple Unix bootpd hwinfolist Table htype Handling Overflow |
58614 | McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio... |
58321 | Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati... |
58189 | Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC... |
57993 | Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem... |
57795 | Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State... |
57794 | Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl... |
57793 | Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta... |
55345 | Microsoft libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directo... |
52463 | OpenBSD libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directory... |
50286 | Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot... |
32935 | OpenBSD Crafted IPv6 ICMP Echo Request DoS |
22397 | Multiple Vendor Securelevels Immutable Flag Bypass |
19475 | Multiple BSD exec Race Condition Process Debugger Privilege Escalation |
ExploitDB Exploits
id | Description |
---|---|
8163 | Multiple Vendors libc:fts_*() - Local Denial of Service Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for freetype CESA-2011:1161 centos4 x86_64 File : nvt/gb_CESA-2011_1161_freetype_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 x86_64 File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for libXfont CESA-2011:1154 centos5 x86_64 File : nvt/gb_CESA-2011_1154_libXfont_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for kernel RHSA-2011:0498-01 File : nvt/gb_RHSA-2011_0498-01_kernel.nasl |
2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
2012-02-12 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD14.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2011-11-08 | Name : Mandriva Update for gimp MDVSA-2011:167 (gimp) File : nvt/gb_mandriva_MDVSA_2011_167.nasl |
2011-10-21 | Name : Mandriva Update for libxfont MDVSA-2011:153 (libxfont) File : nvt/gb_mandriva_MDVSA_2011_153.nasl |
2011-10-16 | Name : FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc) File : nvt/freebsdsa_compress.nasl |
2011-10-14 | Name : Mandriva Update for cups MDVSA-2011:146 (cups) File : nvt/gb_mandriva_MDVSA_2011_146.nasl |
2011-09-23 | Name : CentOS Update for libXfont CESA-2011:1154 centos5 i386 File : nvt/gb_CESA-2011_1154_libXfont_centos5_i386.nasl |
2011-09-21 | Name : FreeBSD Ports: libXfont File : nvt/freebsd_libXfont.nasl |
2011-09-21 | Name : Debian Security Advisory DSA 2293-1 (libxfont) File : nvt/deb_2293_1.nasl |
2011-09-16 | Name : Ubuntu Update for linux-ti-omap4 USN-1202-1 File : nvt/gb_ubuntu_USN_1202_1.nasl |
2011-09-16 | Name : Ubuntu Update for linux-fsl-imx51 USN-1204-1 File : nvt/gb_ubuntu_USN_1204_1.nasl |
2011-08-19 | Name : CentOS Update for freetype CESA-2011:1161 centos4 i386 File : nvt/gb_CESA-2011_1161_freetype_centos4_i386.nasl |
2011-08-18 | Name : Ubuntu Update for libxfont USN-1191-1 File : nvt/gb_ubuntu_USN_1191_1.nasl |
2011-08-18 | Name : CentOS Update for xorg-x11 CESA-2011:1155 centos4 i386 File : nvt/gb_CESA-2011_1155_xorg-x11_centos4_i386.nasl |
2011-08-18 | Name : RedHat Update for freetype RHSA-2011:1161-01 File : nvt/gb_RHSA-2011_1161-01_freetype.nasl |
2011-08-12 | Name : Ubuntu Update for linux-lts-backport-maverick USN-1187-1 File : nvt/gb_ubuntu_USN_1187_1.nasl |
2011-08-12 | Name : RedHat Update for libXfont RHSA-2011:1154-01 File : nvt/gb_RHSA-2011_1154-01_libXfont.nasl |
2011-08-12 | Name : RedHat Update for xorg-x11 RHSA-2011:1155-01 File : nvt/gb_RHSA-2011_1155-01_xorg-x11.nasl |
2011-07-18 | Name : Ubuntu Update for linux USN-1167-1 File : nvt/gb_ubuntu_USN_1167_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux-mvl-dove USN-1159-1 File : nvt/gb_ubuntu_USN_1159_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-24 | OpenBSD TCP Timestamp handling denial of service attempt RuleID : 51219 - Type : OS-OTHER - Revision : 1 |
2019-08-06 | OpenBSD ISAKMP denial of service attempt RuleID : 50901-community - Type : SERVER-OTHER - Revision : 1 |
2019-09-05 | OpenBSD ISAKMP denial of service attempt RuleID : 50901 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | bootp x86 linux overflow RuleID : 319 - Type : EXPLOIT - Revision : 7 |
2014-01-10 | RETR overflow attempt RuleID : 2392-community - Type : PROTOCOL-FTP - Revision : 22 |
2014-01-10 | RETR overflow attempt RuleID : 2392 - Type : PROTOCOL-FTP - Revision : 22 |
2014-01-10 | APPE overflow attempt RuleID : 2391-community - Type : PROTOCOL-FTP - Revision : 17 |
2014-01-10 | APPE overflow attempt RuleID : 2391 - Type : PROTOCOL-FTP - Revision : 17 |
2014-01-10 | STOU overflow attempt RuleID : 2390-community - Type : PROTOCOL-FTP - Revision : 12 |
2014-01-10 | STOU overflow attempt RuleID : 2390 - Type : PROTOCOL-FTP - Revision : 12 |
2014-01-10 | RNTO overflow attempt RuleID : 2389-community - Type : PROTOCOL-FTP - Revision : 21 |
2014-01-10 | RNTO overflow attempt RuleID : 2389 - Type : PROTOCOL-FTP - Revision : 21 |
2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093-community - Type : PROTOCOL-RPC - Revision : 13 |
2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093 - Type : PROTOCOL-RPC - Revision : 13 |
2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092-community - Type : PROTOCOL-RPC - Revision : 14 |
2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092 - Type : PROTOCOL-RPC - Revision : 14 |
2014-01-10 | bootp invalid hardware type RuleID : 1940-community - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | bootp invalid hardware type RuleID : 1940 - Type : SERVER-OTHER - Revision : 9 |
2014-01-10 | bootp hardware address length overflow RuleID : 1939-community - Type : SERVER-OTHER - Revision : 10 |
2014-01-10 | bootp hardware address length overflow RuleID : 1939 - Type : SERVER-OTHER - Revision : 10 |
2014-01-10 | Microsoft Windows TCP stack zero window size exploit attempt RuleID : 16294 - Type : OS-WINDOWS - Revision : 15 |
2014-01-10 | TCP window closed before receiving data RuleID : 15912 - Type : OS-WINDOWS - Revision : 10 |
2014-01-10 | bsd exploit client finishing RuleID : 1253-community - Type : PROTOCOL-TELNET - Revision : 24 |
2014-01-10 | bsd exploit client finishing RuleID : 1253 - Type : PROTOCOL-TELNET - Revision : 24 |
2014-01-10 | bsd telnet exploit response RuleID : 1252-community - Type : PROTOCOL-TELNET - Revision : 25 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-10-03 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_13.nasl - Type: ACT_GATHER_INFO |
2016-10-13 | Name: The remote device is affected by multiple vulnerabilities. File: appletv_9_1.nasl - Type: ACT_GATHER_INFO |
2015-12-11 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_SecUpd2015-008.nasl - Type: ACT_GATHER_INFO |
2015-12-10 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_10_11_2.nasl - Type: ACT_GATHER_INFO |
2015-03-27 | Name: The remote Fedora host is missing a security update. File: fedora_2015-3964.nasl - Type: ACT_GATHER_INFO |
2015-03-27 | Name: The remote Fedora host is missing a security update. File: fedora_2015-3948.nasl - Type: ACT_GATHER_INFO |
2015-03-23 | Name: The remote Fedora host is missing a security update. File: fedora_2015-3953.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_libpciaccess0-110905.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_kernel-110726.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_kernel-110426.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_libpciaccess0-110905.nasl - Type: ACT_GATHER_INFO |
2014-02-23 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201402-23.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-0498.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-1154.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-1155.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-1161.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-2015.nasl - Type: ACT_GATHER_INFO |
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2011-1834.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2003-080.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2003-059.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110815_freetype_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110510_kernel_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110811_libXfont_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110811_xorg_x11_on_SL4_x.nasl - Type: ACT_GATHER_INFO |