CVE-2000-0440
Published 2000-05-01
CVE-2000-0440: NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
Priority P4 · 17 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS
3.24%
86.7th percentile
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| chrome_chrome | — | — | |
| netbsd | netbsd | — | — |
| netbsd | netbsd | — | — |
GHSA
GHSA-3fw7-2f85-c369: NetBSD 1
ghsa_unreviewed·2022-05-03
CVE-2000-0440 [MEDIUM] GHSA-3fw7-2f85-c369: NetBSD 1
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
Chrome
Stable Channel Update for Desktop: CVE-2025-0440
vendor_chrome·2025-01-14·CVSS 6.5
CVE-2025-0440 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-0440
Stable Channel Update for Desktop
CVE-2025-0440: Inappropriate implementation in Fullscreen. Reported by Umar Farooq on 2023-07-22
[$2000][368628042] Medium CVE-2025-0441: Inappropriate implementation in Fenced Frames. Reported by someoneverycurious on 2024-09-21
[$2000][40940854] Medium CVE-2025-0442: Inappropriate implementation in Payments
Severity: medium
No detection rules found.
Exploit-DB
LICQ 0.85/1.0.1/1.0.2 - Remote Buffer Overflow
exploitdb·2000-12-26
CVE-2001-0440 LICQ 0.85/1.0.1/1.0.2 - Remote Buffer Overflow
---
// source: https://www.securityfocus.com/bid/2406/info
At least one version of LICQ is vulnerable to a remote buffer overflow. By sending many characters (12000-16000) to the port on which LICQ is listening, an attacker can cause excessive data to be copied onto the stack and overwrite critical parts of the stack frame such as the calling function's return address. Since this data is supplied by the user, it can alter the program's flow of execution.
/*
* Name: Licqkill.c
* Author: Stan Bubrouski
* Date: December 26, 2000
* Description: Licq will crash when 16707 or more characters are sent to the port
* Licq is listening on. Finding the port Licq is running on is pretty
* simple because by default it starts using ports around 1100 or s
Exploit-DB
FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service
exploitdb·2000-05-04
CVE-2000-0440 FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service
---
// source: https://www.securityfocus.com/bid/1173/info
A vulnerability exists in the 1.4.x NetBSD kernel that may allow remote attackers to cause the machine to kernel panic on certain architectures. By sending a packet to a machine running the Alpha or SPARC versions of NetBSD, with an unaligned IP timestamp option, it is possible to cause the kernel to perform an unaligned memory access. This will cause a panic, causing the machine to reboot.
x86 and arm32 platforms have a similar bug. However, as both of these architectures can perform unaligned memory accesses, this vulnerability does not cause them to panic.
It was later determined that FreeBSD, a 4.xBSD derivative like NetBSD, is also vulnerable to this
No writeups or analysis indexed.
ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
http://www.securityfocus.com/bid/1173
Published: 2000-05-01