This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Openbsd First view 2005-12-31
Product Openbsd Last view 2020-07-28
Version 3.8 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:openbsd:openbsd

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2020-07-28 CVE-2020-16088

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

7.8 2019-12-12 CVE-2019-19726

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

7.5 2019-08-26 CVE-2019-8460

OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.

6.5 2017-06-19 CVE-2017-1000373

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

9.8 2017-06-19 CVE-2017-1000372

A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.

5 2011-05-24 CVE-2011-2168

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.

7.2 2011-05-09 CVE-2011-1013

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.

4.9 2009-03-09 CVE-2009-0537

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

5 2007-01-17 CVE-2007-0343

OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.

4.6 2006-10-10 CVE-2006-5218

Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.

5 2006-08-28 CVE-2006-4436

isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.

4.9 2006-08-28 CVE-2006-4435

OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.

10 2006-08-23 CVE-2006-4304

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.

4.6 2006-01-06 CVE-2006-0098

The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.

4.3 2005-12-31 CVE-2005-4351

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.

CWE : Common Weakness Enumeration

%idName
28% (2) CWE-189 Numeric Errors
14% (1) CWE-787 Out-of-bounds Write
14% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
14% (1) CWE-287 Improper Authentication
14% (1) CWE-269 Improper Privilege Management
14% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
74379 OpenBSD libc glob GLOB_APPEND / GLOB_DOOFFS Flags Crafted String Multiple Ove...
73291 OpenBSD Kernel DRM Subsystem sys/dev/pci/drm/drm_irq.c drm_modeset_ctl Functi...
73290 Linux Kernel DRM Subsystem drivers/gpu/drm/drm_irq.c drm_modeset_ctl Function...
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
55345 Microsoft libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directo...
52463 OpenBSD libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directory...
50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...
32935 OpenBSD Crafted IPv6 ICMP Echo Request DoS
29570 Multiple BSD systrace systrace_preprepl() Function Overflow
28195 OpenBSD sempahores Manipulation Kernel Panic Local DoS
28194 OpenBSD isakmpd IPSec Packet Replay
28176 FreeBSD ppp LCP Packet Option Processing Remote Overflow
22397 Multiple Vendor Securelevels Immutable Flag Bypass
22231 OpenBSD suid Programs /dev/fd File Re-Open Issue

ExploitDB Exploits

id Description
8163 Multiple Vendors libc:fts_*() - Local Denial of Service Exploit

OpenVAS Exploits

id Description
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0498-01
File : nvt/gb_RHSA-2011_0498-01_kernel.nasl
2011-09-16 Name : Ubuntu Update for linux-ti-omap4 USN-1202-1
File : nvt/gb_ubuntu_USN_1202_1.nasl
2011-09-16 Name : Ubuntu Update for linux-fsl-imx51 USN-1204-1
File : nvt/gb_ubuntu_USN_1204_1.nasl
2011-08-12 Name : Ubuntu Update for linux-lts-backport-maverick USN-1187-1
File : nvt/gb_ubuntu_USN_1187_1.nasl
2011-07-18 Name : Ubuntu Update for linux-mvl-dove USN-1159-1
File : nvt/gb_ubuntu_USN_1159_1.nasl
2011-07-18 Name : Ubuntu Update for linux USN-1167-1
File : nvt/gb_ubuntu_USN_1167_1.nasl
2011-07-08 Name : Ubuntu Update for linux USN-1160-1
File : nvt/gb_ubuntu_USN_1160_1.nasl
2011-07-08 Name : Ubuntu Update for linux-mvl-dove USN-1162-1
File : nvt/gb_ubuntu_USN_1162_1.nasl
2011-06-24 Name : Fedora Update for kernel FEDORA-2011-6447
File : nvt/gb_fedora_2011_6447_kernel_fc13.nasl
2011-06-06 Name : Ubuntu Update for linux USN-1141-1
File : nvt/gb_ubuntu_USN_1141_1.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2009-03-07 Name : Ubuntu USN-727-2 (network-manager)
File : nvt/ubuntu_727_2.nasl
2009-03-07 Name : Ubuntu USN-727-1 (network-manager-applet)
File : nvt/ubuntu_727_1.nasl
2009-03-07 Name : Ubuntu USN-726-2 (curl)
File : nvt/ubuntu_726_2.nasl
2009-03-07 Name : Ubuntu USN-726-1 (curl)
File : nvt/ubuntu_726_1.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-06:18.ppp.asc)
File : nvt/freebsdsa_ppp.nasl
2008-01-17 Name : Debian Security Advisory DSA 1175-1 (isakmpd)
File : nvt/deb_1175_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows TCP stack zero window size exploit attempt
RuleID : 16294 - Type : OS-WINDOWS - Revision : 15
2014-01-10 TCP window closed before receiving data
RuleID : 15912 - Type : OS-WINDOWS - Revision : 10

Nessus® Vulnerability Scanner

id Description
2017-10-03 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_kernel-110426.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kernel-110726.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0498.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-2015.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110510_kernel_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2011-09-14 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1204-1.nasl - Type: ACT_GATHER_INFO
2011-09-14 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1202-1.nasl - Type: ACT_GATHER_INFO
2011-08-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1187-1.nasl - Type: ACT_GATHER_INFO
2011-07-14 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1159-1.nasl - Type: ACT_GATHER_INFO
2011-07-14 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1167-1.nasl - Type: ACT_GATHER_INFO
2011-07-06 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1162-1.nasl - Type: ACT_GATHER_INFO
2011-06-29 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1160-1.nasl - Type: ACT_GATHER_INFO
2011-06-22 Name: The remote Fedora host is missing a security update.
File: fedora_2011-6447.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1141-1.nasl - Type: ACT_GATHER_INFO
2011-05-11 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-0498.nasl - Type: ACT_GATHER_INFO
2011-04-28 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kernel-110415.nasl - Type: ACT_GATHER_INFO
2011-04-28 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kernel-110414.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1175.nasl - Type: ACT_GATHER_INFO