BsdiCVEs & Vulnerabilities

39 CVEs affecting Bsdi products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

bsd os 72gauntlet 1
CVE-2008-4609HIGH

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

20 Oct 2008
7.1
CVSS
CVE-2001-1541HIGH

Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument.

31 Dec 2001
7.2
CVSS
CVE-2001-1154MEDIUM

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.

30 Aug 2001
5.0
CVSS
CVE-2001-1133LOWpoc

Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.

21 Aug 2001
2.1
CVSS
CVE-2000-1103HIGHpoc

rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.

9 Jan 2001
7.2
CVSS
CVE-1999-0001MEDIUM

ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

30 Dec 1999
5.0
CVSS
CVE-1999-1047HIGH

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.

18 Oct 1999
7.5
CVSS
CVE-1999-0880MEDIUM

Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

1 Oct 1999
5.0
CVSS
CVE-1999-0879CRITICALpoc

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

1 Oct 1999
10.0
CVSS
CVE-1999-0704CRITICALpoc

Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

16 Sep 1999
9.3
CVSS
CVE-1999-0747LOW

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.

18 Aug 1999
2.1
CVSS
CVE-1999-0703LOW

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

3 Aug 1999
3.6
CVSS
CVE-1999-0798CRITICAL

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

4 Dec 1998
10.0
CVSS
CVE-1999-0052HIGH

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

4 Nov 1998
7.5
CVSS
CVE-1999-0002CRITICALpoc

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

12 Oct 1998
10.0
CVSS
CVE-1999-0009CRITICALpoc

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

8 Apr 1998
10.0
CVSS
CVE-1999-0323CRITICAL

FreeBSD mmap function allows users to modify append-only or immutable files.

20 Feb 1998
10.0
CVSS
CVE-1999-0304HIGH

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

1 Feb 1998
7.2
CVSS
CVE-1999-0305MEDIUM

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

1 Feb 1998
5.0
CVSS
CVE-1999-0061MEDIUM

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

2 Oct 1997
5.1
CVSS
CVE-1999-0024MEDIUM

DNS cache poisoning via BIND, by predictable query IDs.

13 Aug 1997
5.0
CVSS
CVE-1999-0034HIGHpoc

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

29 May 1997
7.2
CVSS
CVE-1999-0040HIGHpoc

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

1 May 1997
7.2
CVSS
CVE-1999-0038HIGHpoc

Buffer overflow in xlock program allows local users to execute commands as root.

26 Apr 1997
8.4
CVSS
CVE-1999-0042CRITICALpoc

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

7 Apr 1997
10.0
CVSS
CVE-1999-0165CRITICAL

NFS cache poisoning.

1 Mar 1997
10.0
CVSS
CVE-1999-0046CRITICALpoc

Buffer overflow of rlogin program using TERM environmental variable.

6 Feb 1997
10.0
CVSS
CVE-1999-0047CRITICAL

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

28 Jan 1997
10.0
CVSS
CVE-1999-0297HIGH

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.

12 Dec 1996
7.2
CVSS
CVE-1999-0096MEDIUM

Sendmail decode alias can be used to overwrite sensitive files.

10 Dec 1996
5.0
CVSS
CVE-1999-0043CRITICAL

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

4 Dec 1996
9.8
CVSS
CVE-1999-0129MEDIUM

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

3 Dec 1996
4.6
CVSS
CVE-1999-0130HIGHpoc

Local users can start Sendmail in daemon mode and gain root privileges.

16 Nov 1996
7.2
CVSS
CVE-1999-0032HIGHpoc

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

25 Oct 1996
7.2
CVSS
CVE-1999-0131HIGH

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

11 Sep 1996
7.2
CVSS
CVE-1999-0023HIGHpoc

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

24 Jul 1996
7.2
CVSS
CVE-1999-0022HIGH

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

3 Jul 1996
7.8
CVSS
CVE-1999-0078LOW

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

18 Apr 1996
1.9
CVSS
CVE-1999-0099CRITICAL

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

19 Oct 1995
10.0
CVSS
← PrevPage 1 / 1Next →