exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 376 RSS Feed

Operating System: BSD

tc Tor Chat Client
Posted Jan 9, 2024
Authored by fausto

tc is a low-tech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protected your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 2400 lines of C code that compile and run on BSD and Linux systems with an IRC like GUI. As this is a rolling release and does not have an official build yet, the prior version on Packet Storm was replaced with this updated code base.

tags | tool
systems | linux, unix, bsd
SHA-256 | bae7c904763360a82e8b3a4a6720b31c22f9c49b63eca777df474d4383d39f97
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Oct 2, 2023
Authored by Ron Bowes, Jacob Baines, jheysel-r7 | Site metasploit.com

This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.

tags | exploit, web, root, php, protocol
systems | freebsd, bsd, juniper
advisories | CVE-2023-36845
SHA-256 | 23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517
BDS FreeBSD KLD Rootkit
Posted Sep 22, 2023
Authored by bluedragonsec | Site bluedragonsec.com

BDS Freebsd KLD rootkit for FreeBSD 13 that hides files, hides processes, hides ports, and has a bind shell backdoor.

tags | tool, shell, rootkit
systems | unix, freebsd, bsd
SHA-256 | 9f6dc7f9bcc4c0f52a39a3c80657272125ec54dc594b44cc36889b2ff724d07c
Outline 1.6.0 Unquoted Service Path
Posted Mar 30, 2023
Authored by Karsten Konig, Milad Karimi

Outline version 1.6.0 suffers from an unquoted service path vulnerability.

tags | exploit, local, root
systems | freebsd, bsd
SHA-256 | c7fdf86fb00365bd53d570e0ff758cfd8ba014d2dce9b75b8d6db96e15e882ee
Human Resource Management System 1.0 SQL Injection
Posted Mar 30, 2023
Authored by Karsten Konig, Matthijs Van der Vaart

Human Resource Management System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability.

tags | exploit, local, root, vulnerability
systems | freebsd, bsd
SHA-256 | 4f80b588a513bbcbb3b08d9782eb8b87aa9be2291590ff110ec8d9d5b3b889e5
Red Hat Security Advisory 2022-7639-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7639-01 - OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version. Issues addressed include an out of bounds read vulnerability.

tags | advisory
systems | linux, redhat, bsd
advisories | CVE-2021-4048
SHA-256 | 697295b42737de997789856b0dbda93e0ac6f9f32a91fa8390afc800614e01ef
FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation
Posted Aug 18, 2022
Authored by Chris J-D | Site accessvector.net

FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.

tags | exploit, paper, kernel, local
systems | freebsd, bsd
advisories | CVE-2022-23090
SHA-256 | 326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
Posted Jul 31, 2020
Authored by Brendan Coles, Andy Nguyen | Site metasploit.com

This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV6_2292PKTOPTIONS option handling in setsockopt permits racing ip6_setpktopt access to a freed ip6_pktopts struct. This exploit overwrites the ip6po_pktinfo pointer of a ip6_pktopts struct in freed memory to achieve arbitrary kernel read/write.

tags | exploit, arbitrary, kernel
systems | freebsd, bsd
advisories | CVE-2020-7457
SHA-256 | 00b0e1e6a5651af403765318e00556b0c8953f9ef2bbda38acb929b269045b6a
Sony PS4 / FreeBSD ip6_setpktopt Local Privilege Escalation
Posted Jul 7, 2020
Authored by TheFloW

Sony PS4 versions prior to 7.02 and FreeBSD versions 9 and 12 ip6_setpktopt kernel local privilege escalation proof of concept exploit.

tags | exploit, kernel, local, proof of concept
systems | freebsd, bsd
SHA-256 | aa0c602e1d16bd1c07fd735367383c0e4038bf3d25ff79c8ec71ab25d9f2b9f2
FreeBSD Security Advisory - FreeBSD-SA-20:03.thrmisc
Posted Jan 28, 2020
Authored by Ilja van Sprundel | Site security.freebsd.org

FreeBSD Security Advisory - The kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Sensitive kernel data may be disclosed.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-15875
SHA-256 | 178d5992a84290ac4a8dc6947197a0096dd8c410a6b2c14c552637e40cf2ff97
FreeBSD Security Advisory - FreeBSD-SA-20:02.ipsec
Posted Jan 28, 2020
Authored by Jean-Francois HREN | Site security.freebsd.org

FreeBSD Security Advisory - A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.

tags | advisory, protocol
systems | freebsd, bsd
advisories | CVE-2019-5613
SHA-256 | e5c1b2cd25568643f6713e1fd53907b388b7c12585108e84595b0c0c2ac91c36
FreeBSD Security Advisory - FreeBSD-SA-20:01.libfetch
Posted Jan 28, 2020
Authored by Duncan Overbruck | Site security.freebsd.org

FreeBSD Security Advisory - A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution.

tags | advisory, web, overflow, code execution
systems | freebsd, bsd
advisories | CVE-2020-7450
SHA-256 | 58eb688b18a5f5586d60c4a6d426da578c845550c391c45bbf4d3e093091639e
FreeBSD fd Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.

tags | exploit, local, root
systems | freebsd, bsd
advisories | CVE-2019-5596
SHA-256 | 05adfc97defa9b66032601dddbc7174d89d7c42893b3449bce122d3043b86df0
FreeBSD mqueuefs Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.

tags | exploit, local, root
systems | freebsd, bsd
SHA-256 | 90adbf6571ee419b5720c2c77c09ae73c0b991d5356d6bf9cdef1949b5a67b6d
macOS Kernel wait_for_namespace_event() Race Condition / Use-After-Free
Posted Dec 18, 2019
Authored by Google Security Research, bazad

In the macOS kernel, the XNU function wait_for_namespace_event() in bsd/vfs/vfs_syscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fp_free(), which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could manipulate those objects while they're being freed. Exploitation requires root privileges.

tags | exploit, kernel, root
systems | bsd
SHA-256 | 6d4e9cc704a5f5bbb4de66537161f105b64b583414a93c0e902c25bb793772b5
FreeBSD Security Advisory - FreeBSD-SA-19:26.mcu
Posted Nov 12, 2019
Authored by InTeL | Site security.freebsd.org

FreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11135, CVE-2019-11139
SHA-256 | 23eef89d8eeb80cd7f3d30fda491fafe5e3fa0290ff6e657bb63731a35babb3c
FreeBSD Security Advisory - FreeBSD-SA-19:24.mqueuefs
Posted Aug 21, 2019
Authored by Karsten Konig | Site security.freebsd.org

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

tags | advisory, overflow, local, root
systems | freebsd, bsd
advisories | CVE-2019-5603
SHA-256 | b8976c51a157ffad5c715c1c5e8e3c4be69500c550b1d9f9a9862cd2b065c512
FreeBSD Security Advisory - FreeBSD-SA-19:20.bsnmp
Posted Aug 6, 2019
Authored by Guido Vranken | Site security.freebsd.org

FreeBSD Security Advisory - A function extracting the length from type-length-value encoding is not properly validating the submitted length. A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd, bsd
advisories | CVE-2019-5610
SHA-256 | f03bcb9feddf2d950ed61f77228c3a12e63a2a09995ac33ae2fea33ab21e623b
FreeBSD Security Advisory - FreeBSD-SA-19:17.fd
Posted Jul 25, 2019
Authored by Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

tags | advisory, local, root
systems | unix, freebsd, bsd
advisories | CVE-2019-5607
SHA-256 | ed0e020ba12b1dc01aa8d83590ac696a40d1fccad60067e1fb8300dfbb889466
FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve
Posted Jul 25, 2019
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2019-5604
SHA-256 | 22ddae49f77be04a48b0ef2c715801539b562f34653337c23b52f4f5dfa1668b
FreeBSD Security Advisory - FreeBSD-SA-19:15.mqueuefs
Posted Jul 25, 2019
Authored by Mateusz Guzik | Site security.freebsd.org

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

tags | advisory, overflow, local, root
systems | freebsd, bsd
advisories | CVE-2019-5603
SHA-256 | 489c8ae54e5e9d5645a9286ff4c958fe29ebf8eb10cfad1509a4f8ce2b45cf9e
FreeBSD Security Advisory - FreeBSD-SA-19:14.freebsd32
Posted Jul 25, 2019
Authored by Ilja van Sprundel | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-5605
SHA-256 | 0e0df08026cdde81c94f8a176b172a71c19e15379445944e64ecdd04b7315690
FreeBSD Security Advisory - FreeBSD-SA-19:13.pts
Posted Jul 25, 2019
Authored by syzkaller | Site security.freebsd.org

FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.

tags | advisory, kernel, root
systems | freebsd, bsd, osx
advisories | CVE-2019-5606
SHA-256 | c20e2ba9892c896b4cdba0602e7caccb54edd10e2ab74a179baf8dc75414522d
FreeBSD Security Advisory - FreeBSD-SA-19:12.telnet
Posted Jul 24, 2019
Authored by Juniper Networks | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue. These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1).

tags | advisory, remote, overflow, arbitrary
systems | freebsd, bsd
advisories | CVE-2019-0053
SHA-256 | a289c2b38135f9f6339c9294178d141344dcea0087e3ea2bfa204b3700f119d5
FreeBSD Security Advisory - FreeBSD-SA-19:10.ufs
Posted Jul 3, 2019
Authored by David G. Lawrence | Site security.freebsd.org

FreeBSD Security Advisory - A bug causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. This data can be viewed by any user with read access to the directory. Additionally, a malicious user with write access to a directory can cause up to 254 bytes of kernel stack memory to be exposed. Some amount of the kernel stack is disclosed and written out to the filesystem.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-5601
SHA-256 | e8b30a3f33319307ddd94571cda888074a86c142e47d6d2f8d215c8258b22fd2
Page 1 of 16
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close