CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Openbsd » Openbsd » 2.5 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-2895 119 Exec Code Overflow 2011-08-19 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
2 CVE-2011-2168 189 Overflow 2011-05-24 2011-06-11
5.0
None Remote Low Not required None None Partial
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.
3 CVE-2009-0537 189 DoS Overflow 2009-03-09 2018-10-11
4.9
None Local Low Not required None None Complete
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.
4 CVE-2008-4609 16 DoS 2008-10-20 2021-07-07
7.1
None Remote Medium Not required None None Complete
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
5 CVE-2005-0740 DoS 2005-01-13 2008-09-05
5.0
None Remote Low Not required None None Partial
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.
6 CVE-2003-1366 200 +Info 2003-12-31 2017-07-29
3.3
None Local Medium Not required Partial Partial None
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
7 CVE-2003-0466 Exec Code Overflow 2003-08-27 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
8 CVE-2003-0144 Overflow +Priv 2003-03-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.
9 CVE-2003-0028 Exec Code Overflow 2003-03-25 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
10 CVE-2002-2180 +Priv 2002-12-31 2008-09-05
6.8
None Local Low ??? Complete Complete Complete
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
11 CVE-2002-2092 +Priv 2002-12-31 2017-12-19
3.7
None Local High Not required Partial Partial Partial
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
12 CVE-2002-1915 DoS 2002-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
13 CVE-2001-0554 120 Exec Code Overflow 2001-08-14 2022-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
14 CVE-2001-0247 Exec Code Overflow 2001-06-18 2020-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
15 CVE-2001-0053 Overflow +Priv 2001-02-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
16 CVE-2000-1010 Exec Code 2000-12-11 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
17 CVE-2000-1004 Exec Code 2000-12-11 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
18 CVE-2000-0997 +Priv 2000-12-19 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
19 CVE-2000-0994 +Priv 2000-12-19 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
20 CVE-2000-0993 +Priv 2000-12-19 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
21 CVE-2000-0914 DoS 2000-12-19 2017-10-10
5.0
None Remote Low Not required None None Partial
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
22 CVE-2000-0751 Exec Code 2000-10-20 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
23 CVE-2000-0750 Exec Code Overflow 2000-10-20 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
24 CVE-2000-0489 DoS 1999-09-05 2017-10-10
2.1
None Local Low Not required None None Partial
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
25 CVE-2000-0312 +Priv 2001-03-12 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
26 CVE-1999-0727 1999-08-06 2008-09-09
5.0
None Remote Low Not required Partial None None
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
27 CVE-1999-0724 Overflow 1999-08-12 2008-09-09
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
28 CVE-1999-0703 1999-08-03 2008-09-09
3.6
None Local Low Not required None Partial Partial
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
29 CVE-1999-0674 1999-08-09 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
Total number of vulnerabilities : 29   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.