Openbsd: Security Vulnerabilities
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
CVSS Score
2.1
EPSS Score
0.003
Published
2001-06-27
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
CVSS Score
7.5
EPSS Score
0.022
Published
2001-06-19
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
CVSS Score
10.0
EPSS Score
0.193
Published
2001-06-18
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
CVSS Score
7.5
EPSS Score
0.024
Published
2001-06-18
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
CVSS Score
1.2
EPSS Score
0.003
Published
2001-06-02
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
CVSS Score
7.2
EPSS Score
0.006
Published
2001-05-03
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
CVSS Score
10.0
EPSS Score
0.031
Published
2001-05-03
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
CVSS Score
2.1
EPSS Score
0.003
Published
2001-03-12
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
CVSS Score
5.0
EPSS Score
0.012
Published
2001-03-12
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
CVSS Score
7.2
EPSS Score
0.005
Published
2001-03-12