FreeBSD, NetBSD Security Vulnerabilities

cve

CVE-2006-6165

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is...

7 AI Score

0.0004 EPSS

2006-11-29 01:28 AM
24
cve

CVE-2006-6397

Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is...

6.8 AI Score

0.0004 EPSS

2006-12-08 01:28 AM
29
nessus

Debian DLA-1664-1 : golang security update

It was discovered that there was a denial of service vulnerability or possibly even the ability to conduct private key recovery attacks in the elliptic curve cryptography handling in the Go programming language libraries. For Debian 8 'Jessie', this issue has been fixed in golang version...

8.2 CVSS

8.3 AI Score

0.038 EPSS

2019-02-07 12:00 AM
39
openvas

Operating System (OS) Detection (NTP)

Network Time Protocol (NTP) server based Operating System (OS) ...

7.3 AI Score

2019-06-01 12:00 AM
37
nessus

Unix Operating System Unsupported Version Detection

According to its self-reported version number, the Unix operating system running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security...

7.6 AI Score

2008-08-08 12:00 AM
5454
nessus

Debian DLA-1749-1 : golang security update

It was discovered that there was a CRLF injection attack in the Go programming language runtime library. Passing \r\n to http.NewRequest could allow execution of arbitrary HTTP headers or Redis commands. For Debian 8 'Jessie', this issue has been fixed in golang version 2:1.3.3-1+deb8u2. We...

6.1 CVSS

6.9 AI Score

0.005 EPSS

2019-04-04 12:00 AM
17
openvas

tnftpd 'ftp://' CSRF Vulnerability

tnftpd server is prone to a cross-site request forgery (CSRF)...

6.8 AI Score

0.002 EPSS

2009-08-27 12:00 AM
11
openvas

Operating System (OS) Detection (ICMP)

ICMP based OS fingerprinting /...

7.4 AI Score

2009-05-19 12:00 AM
77
nessus

Unix Software Discovery Command Checks

Nessus plugins run OS commands locally on the target host to discover and characterize software that is not managed by the target operating system. This plugin runs those commands over SSH to determine whether there is any problem that might prevent the successful discovery of unmanaged software...

7.5 AI Score

2021-08-23 12:00 AM
76
openvas

Operating System (OS) Detection (SNMP)

SNMP sysDescr based Operating System (OS)...

7.3 AI Score

2012-02-17 12:00 AM
31
osv

CVE-2022-39028

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd...

7.5 CVSS

6.8 AI Score

0.002 EPSS

2022-08-30 05:15 AM
10
nvd

CVE-2006-6397

Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is...

6.4 AI Score

0.0004 EPSS

2006-12-08 01:28 AM
nvd

CVE-2006-6165

ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is...

6.6 AI Score

0.0004 EPSS

2006-11-29 01:28 AM
1
cve

CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment...

5.9 AI Score

0.0005 EPSS

2009-02-16 08:30 PM
24
openvas

Operating System (OS) Detection (Telnet)

Telnet banner based Operating System (OS)...

7.3 AI Score

2015-12-13 12:00 AM
60
openvas

SUSE: Security Advisory (SUSE-SU-2024:1508-1)

The remote host is missing an update for...

6.5 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-07 12:00 AM
5
osv

whoami stack buffer overflow on several Unix platforms

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username, whoami::realname, whoami::username_os, whoami::realname_os. With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...

7.7 AI Score

2024-04-05 03:39 PM
8
osv

Stack buffer overflow with whoami on several Unix platforms

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username, whoami::realname, whoami::username_os, whoami::realname_os. With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...

7.7 AI Score

2024-02-28 12:00 PM
4
nessus

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Multiple Vulnerabilities (NS-SA-2019-0036)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssh packages installed that are affected by multiple vulnerabilities: scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are...

8.1 CVSS

7.3 AI Score

0.946 EPSS

2019-08-12 12:00 AM
19
github

whoami stack buffer overflow on several Unix platforms

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: whoami::username, whoami::realname, whoami::username_os, whoami::realname_os. With versions of the whoami crate >= 0.5.3 and < 1.0.1, ca...

7.7 AI Score

2024-04-05 03:39 PM
7
openvas

Operating System (OS) Detection (FTP)

FTP banner based Operating System (OS)...

7.3 AI Score

2015-09-15 12:00 AM
254
openvas

Operating System (OS) Detection (HTTP)

HTTP based OS detection from the HTTP/PHP banner or default test ...

7.4 AI Score

2015-12-10 12:00 AM
1182
redhatcve

CVE-2008-2476

The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows...

7.2 AI Score

0.027 EPSS

2015-10-30 09:22 AM
2
cve

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android,...

7.7 AI Score

0.967 EPSS

2011-05-16 05:55 PM
646
hackerone

PlayStation: Remote vulnerabilities in spp

Summary A malicious PPPoE server can cause denial-of-service or potentially remote code execution in kernel context on the PS4/PS5. Heap buffer overwrite and overread in sppp_lcp_RCR and sppp_ipcp_RCR For some reason, the PS4/PS5 is vulnerable to CVE-2006-4304. By having invalid options, it is...

7.8 AI Score

0.066 EPSS

2023-09-22 07:22 PM
23
nessus

EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357)

According to the versions of the libXfont package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2)...

5.5 CVSS

7.7 AI Score

0.103 EPSS

2019-12-10 12:00 AM
11
nessus

OpenSSH < 5.9 Multiple DoS

According to its banner, the version of OpenSSH running on the remote host is prior to version 5.9. Such versions are affected by multiple denial of service vulnerabilities : A denial of service vulnerability exists in the gss-serv.c 'ssh_gssapi_parse_ename' function. A remote attacker...

6 AI Score

0.011 EPSS

2011-11-18 12:00 AM
42
nessus

Post-scan OS Identification

This plugin processes and reports on system information about the remote host detected by other plugins. This information is used by Tenable products for informational and tracking purposes. The main asset attributes processed in this plugin include: - OS - DNS Names - IP Address - MAC...

7.1 AI Score

2015-05-12 12:00 AM
80
openvas

Determine OS and list of installed packages via SSH login

This script will, if given a userid/password or key to the remote system, login to that system, determine the OS it is running, and for supported systems, extract the list of installed...

7.3 AI Score

2008-01-17 12:00 AM
261
cert

Linux kernel on Intel systems is susceptible to Spectre v2 attacks

Overview A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v2 branch history injection (BHI) are likely affected. An unauthenticated.....

6.5 CVSS

6.8 AI Score

EPSS

2024-04-09 12:00 AM
28
nessus

RHEL 5 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c ...

8.8 AI Score

EPSS

2024-05-11 12:00 AM
7
cert

IKEv1 Main Mode vulnerable to brute force attacks

Overview Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known that the aggressive mode of IKEv1 PSK is...

5.9 CVSS

5.8 AI Score

0.003 EPSS

2018-08-14 12:00 AM
524
cve

CVE-2002-1915

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2022-10-03 04:23 PM
19
cve

CVE-2009-3563

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two...

6.8 AI Score

0.965 EPSS

2009-12-09 06:30 PM
106
nvd

CVE-2009-3563

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two...

7.4 AI Score

0.965 EPSS

2009-12-09 06:30 PM
1
nessus

SUSE SLES12 Security Update : python-cffi, python-cryptography, python-xattr (SUSE-SU-2020:0790-1)

This update for python-cffi, python-cryptography and python-xattr fixes the following issues : Security issue fixed : CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed : python-cffi was updated to 1.11.2 (bsc#1138748,...

7.5 CVSS

7.8 AI Score

0.002 EPSS

2020-03-26 12:00 AM
20
cert

HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....

7.5 CVSS

7.7 AI Score

0.005 EPSS

2024-04-03 12:00 AM
60
nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7 AI Score

EPSS

2024-05-11 12:00 AM
46
nessus

OS Identification : Unix uname

This script attempts to identify the Operating System type and version by looking at the data returned by 'uname...

7.2 AI Score

2007-05-19 12:00 AM
92
openvas

Mandriva Security Advisory MDVSA-2009:330 (kdelibs)

The remote host is missing an update to kdelibs announced via advisory...

5.9 CVSS

6.7 AI Score

0.97 EPSS

2009-12-14 12:00 AM
8
openvas

FTPD glob Heap Corruption

The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting...

9.8 CVSS

9.7 AI Score

0.961 EPSS

2005-11-03 12:00 AM
49

Total number of security vulnerabilities: 2307