Users login

Create an account »


Users login

Home » Security Advisories » NetBSD

NetBSD Security Advisories

Here you'll find the latest security advisories from NetBSD. Our database currently contains 49 NetBSD security advisories.
Page: 1 2 out of 2

Sendmail malformed multipart MIME messages | 2006-017 | June 14, 2006
Sendmail is vulnerable to a denial of service condition in the handling of malformed multipart MIME messages. This may allow a remote attacker to launch a denial of service attack against the sendmail
» CVE-2006-1173 Low: Sendmail before 8.13.7 allows remote a (0.00)

IPv6 socket options crash | 2006-016 | June 08, 2006
Insufficient validation when parsing IPv6 socket options can lead to a system crash. This can be triggered by a local non-privileged user.

FPU info leak with AMD CPUs | 2006-015 | June 08, 2006
Due to the documented behavior of AMD processors when running amd64, i386 and Xen NetBSD kernels, processors using floating point operations can leak information. This may allow a local attacker to ga
» CVE-2006-1056 Low: The Linux kernel before and t (0.00)

Audio subsystem race condition | 2006-014 | April 27, 2006
A system crash can occur if a user changes the sample rate of an audio device during playback.

Sysctl local denial of service | 2006-013 | April 12, 2006
The user supplied buffer where results of the sysctl call are stored is locked into physical memory without checking its size. This way, a malicious user can cause a system lockup by allocating all a

Local user system crash | 2006-012 | April 12, 2006
A system crash can occur if a user attempts to gather information on a non-existent alias of a network interface via the SIOCGIFALIAS ioctl.

IPSec replay attack | 2006-011 | April 12, 2006
A vulnerability was found in the fast_ipsec stack that renders the IPSec anti-replay service ineffective under certain circumstances. If the upper layer protocol doesn't provide any anti-packet repla
» CVE-2006-0905 Low: A "programming error" in fast_ipsec in (0.00)

False detection of Intel hardware RNG | 2006-009 | April 12, 2006
The driver for Intel's random number generator may incorrectly detect the presence of the device on some hardware. This can lead to the driver feeding a constant stream into the entropy pool.

Sendmail arbitrary code execution | 2006-010 | March 28, 2006
Sendmail is vulnerable to a race condition in the handling of asynchronous signals. This may allow a remote attacker to execute arbitrary code with the privileges of the sendmail user.
» CVE-2006-0058 Low: Signal handler race condition in Sendm (0.00)

Malformed ELF interpreter system crash | 2006-008 | March 28, 2006
A malformed copy of ld.elf_so, or any other elf interpreter, can cause a NULL pointer deference in the kernel.

Mail information disclosure | 2006-007 | March 28, 2006
When mail creates the users record file it currently does so using the default umask of 0644. This may leave the record file of a users email readable by other users of the system.

Bridge memory disclosure | 2006-005 | March 28, 2006
The bridge ioctl calls did not zero out the stack memory used to temporarily store the results of the ioctl requests before copying them back to the requesting process. Thus portions of the kernel

pf denial of service | 2006-004 | March 28, 2006
There is a logical bug in pf's scrub fragment cache, which in certain configurations may lead to a remotely exploitable denial of service attack.
» CVE-2006-0381 Low: A logic error in the IP fragment cache (0.00)

Racoon multiple denial of services | 2006-003 | March 28, 2006
There are three vulnerabilities that are a result of two code paths in the source which allow a malicious attacker to crash the racoon daemon.

Ptrace privilege escalation and injection of code | 2005-013 | November 08, 2005
Processes running with alternate privileges gained from setuid and setgid executables are prevented from debugger attachment by their original owner (via ptrace). However, if these processes exec'd

SO_LINGER local denial of service | 2005-012 | November 08, 2005
The SO_LINGER socket option can be passed negative a linger time, which can be used by an unprivileged user to trigger a kernel assertion panic if the kernel is compiled with "options DIAGNOSTIC".

Ntpd privilege escalation | 2005-011 | November 08, 2005
When started with the -u parameter, and passed a group to run as, ntpd will use the primary group of the user and not the provided group.

OpenSSL information leak | 2005-010 | November 08, 2005
A vulnerability in OpenSSL allowed a malicious man-in-the-middle to force two endpoints of an SSL connection to negotiate using SSL 2.0, which is known to have severe cryptographic weaknesses.

Make arbitrary files overwrite | 2005-009 | November 08, 2005
Malicious users can pre-generate symlinks to point to important files (so they will be overwritten) and possibly cause a local denial of service if the make process is run with elevated privileges.

FreeBSD compat local root compromise | 2005-008 | November 08, 2005
Due to insufficient length checking in FreeBSD compatibility code, it is possible for a user to cause an integer overflow, resulting in a local denial of service and potentially local root compromise.

AES-XCBC-MAC algorithm incorrect key | 2005-007 | November 08, 2005
Machines using IPsec [RFC2401] with AH and AES-XCBC-MAC algorithm [RFC3566] incorrectly used a fixed key instead of the provided one. Because a known key is used, affected Security Associations lack i

CVS multiple vulnerabilities | 2005-006 | November 08, 2005
CVS has multiple vulnerabilities, ranging from remote execution of arbitrary code to denial of service. Most of the issues are when the CVS server is running in pserver mode.

Cgd key destruction | 2005-005 | November 08, 2005
When a cgd(4) pseudo-device is unconfigured, the driver does not clear memory containing key material before freeing it back to other kernel use. A process may later allocate kernel memory and receive

MIT Kerberos 5 remote code execution | 2005-004 | November 08, 2005
The telnet client program in NetBSD, supporting MIT Kerberos 5 authentication, contains several buffer overflows that can be triggered when connecting to a malicious telnet server. When exploited, th

F_CLOSEM local denial of service | 2005-003 | November 08, 2005
A bug in the way the file descriptor table of a process is manipulated can be triggered by calling the F_CLOSEM fnctl() with the parameter 0, which means "close all opened file descriptors".

Page: 1 2 out of 2

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »