
Files

FreeBSD Security Advisory 2006.23
Posted Oct 4, 2006
Authored by The FreeBSD Project | Site security.FreeBSD.org

FreeBSD Security Advisory: Multiple problems in crypto(3) [revised]

tags | crypto
systems | freebsd
MD5 | 60c7185cf42783788adfe98d69d8c473
FreeBSD-SA-06-23.openssl.txt
Posted Oct 4, 2006
Site freebsd.org

FreeBSD Security Advisory: Multiple problems in crypto(3)

tags | crypto
systems | freebsd
MD5 | d6e58d7e1bd57fb91fc562d092c9cb67
FreeBSD-SA-06-20.bind.txt
Posted Sep 8, 2006
Site freebsd.org

FreeBSD Security Advisory - BIND 9 suffers from multiple denial of service vulnerabilities.

tags | denial of service, vulnerability
systems | freebsd
advisories | CVE-2006-4095, CVE-2006-4096
MD5 | 8417e3c29fcdaa164cdf36aa7fc72fa1
FreeBSD-SA-06-19.openssl.txt
Posted Sep 8, 2006
Site freebsd.org

FreeBSD Security Advisory - When verifying a PKCS#1 version 1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes.

systems | freebsd
advisories | CVE-2006-4339
MD5 | 566eca5458df286607558cd7ea7fe723
FreeBSD-SA-06-08.ppp.txt
Posted Aug 28, 2006
Site freebsd.org

FreeBSD Security Advisory - While processing Link Control Protocol (LCP) configuration options received from the remote host, ppp fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer.

tags | remote, kernel, protocol
systems | freebsd
advisories | CVE-2006-4304
MD5 | e2f563d2dd4b544cc0d5325972985e5e
FreeBSD-SA-06-16.smbfs.txt
Posted Jun 1, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs: smbfs does not properly sanitize paths containing a backslash character; in particular the directory name '..\' is interpreted as the parent directory by the SMB/CIFS server, but smbfs handles it in the same manner as any other directory.

systems | freebsd
MD5 | 6b5fe29e9c5f65d1e385ac5d1c9cce4b
FreeBSD-SA-06-15.ypserv.txt
Posted Jun 1, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv: There are two documented methods of restricting access to NIS maps through ypserv(8): through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets" access restrictions to be inadvertently disabled.

systems | freebsd
MD5 | 29a262f243bd13cb49baa342002bac1c
FreeBSD-SA-06-14.fpu.txt
Posted Apr 26, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:14.fpu - FPU information disclosure: On affected processors, a local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.

tags | local, info disclosure
systems | freebsd
MD5 | d416397c0cde6ec1455f60ec239ed5c6
FreeBSD-SA-06-13.sendmail.txt
Posted Mar 23, 2006
Site freebsd.org

FreeBSD-SA-06:13.sendmail - A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root.

tags | remote, arbitrary, root
systems | freebsd
MD5 | 6c86c0c2dcd02084ebd0b9cb562865c3
FreeBSD-SA-06-12.opie.txt
Posted Mar 23, 2006
Site freebsd.org

FreeBSD-SA-06:12.opie - The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user.

tags | root
systems | freebsd
MD5 | a879cb7f04f38109a9c6770703b3deab
FreeBSD-SA-06-11.ipsec.txt
Posted Mar 23, 2006
Site freebsd.org

FreeBSD-SA-06:11.ipsec - An attacker able to intercept IPSec packets can replay them. If higher level protocols which do not provide any protection against packet replays (e.g., UDP) are used, this may have a variety of effects.

tags | udp, protocol
systems | freebsd
MD5 | 00eb28e85d0a0489882135b4ee99b007
FreeBSD-SA-06-07.pf.txt
Posted Jan 26, 2006
Site freebsd.org

FreeBSD-SA-06:07.pf - IP fragment handling panic in pf(4)

systems | freebsd
MD5 | f2ff92106829bc72041425d6489cb82d
FreeBSD-SA-06-06.kmem.txt
Posted Jan 26, 2006
Site freebsd.org

FreeBSD-SA-06:06.kmem - Local kernel memory disclosure.

tags | kernel, local
systems | freebsd
MD5 | c0be0dc046041baf3b8db0b2bb86d1ba
FreeBSD-SA-06-05.txt
Posted Jan 25, 2006
Site freebsd.org

FreeBSD-SA-06:05.80211 - An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer.

tags | overflow
systems | freebsd
MD5 | 4d1a3110984d5ddd807e56852b3fd6ba
FreeBSD-SA-05-20.cvsbug.txt
Posted Sep 8, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05-20.cvsbug - A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file.

systems | freebsd
advisories | CVE-2005-2693
MD5 | 144795693624779ec7d30b825746ea02
FreeBSD-SA-05-04.iconf.txt
Posted Apr 24, 2005
Site freebsd.org

The SIOCGIFCONF ioctl, used to request the kernel to produce a list of interfaces, can be exploited to reveal 12 bytes of memory. It is not at all guaranteed that this memory will contain anything interesting.

tags | kernel
systems | freebsd
MD5 | 66eb4676bc3cd1b2175f219366017011
FreeBSD Security Advisory 2003.18
Posted Oct 21, 2003
Authored by The FreeBSD Project | Site freebsd.org

OpenSSL versions below v0.9.7c contain remotely exploitable vulnerabilities. More information available here.

tags | vulnerability
systems | freebsd
MD5 | ed545da67a8f598d19279038ec39de28
FreeBSD Security Advisory 2003.7
Posted Apr 1, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:07 - A second remotely exploitable overflow was found in Sendmail header parsing. Upgrade to 8.12.9 to fix the vulnerability. Patch available here.

tags | overflow
systems | freebsd
MD5 | 454fb0ba212f0f2c02a50a53699667f4
FreeBSD Security Advisory 2003.4
Posted Mar 3, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail - ISS has identified a buffer overflow that may occur during header parsing in all versions of sendmail after version 5.79 through v8.12.7. Patch available here.

tags | overflow
systems | freebsd
MD5 | 282a5839a77da73bf290adf649ac1a1c
FreeBSD Security Advisory 2003.2
Posted Feb 26, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:02 Version 1.1 - OpenSSL v0.9.6h and below contains a timing-based vulnerability in CBC ciphersuites in SSL and TLS which can recover fixed plaintext blocks, like a password.

Changes: Updated patches; corrected URLs.
systems | freebsd
MD5 | 8c581cda70ad432693cef8f9ee3def2e
FreeBSD Security Advisory 2003.3
Posted Feb 25, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:03 - The FreeBSD syncookie implementation uses keys that are only 32 bits in length, allowing remote attackers to recover the ISN, which can be valid for up to four seconds, allowing ACLs to be bypassed and TCP connections forged. Syncookies may be disabled using the 'net.inet.tcp.syncookies' sysctl(8) by running the following command as root: "sysctl net.inet.tcp.syncookies=0".

tags | remote, root, tcp
systems | freebsd
MD5 | c63d88b8c3ba56ae9ba89de75ec0918e
FreeBSD Security Advisory 2003.1
Posted Feb 5, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:01 - It has been found that the CVS server can be tricked to free memory more than once, which can be used for remote code execution. Additionally, the CVS server allowed clients with write access to specify arbitrary commands to execute as part of an update (update-prog) or commit (checkin-prog). This behavior has been restricted. This affects all FreeBSD versions prior to 4.6-RELEASE-p7, 4.7-RELEASE-p4 and 5.0-RELEASE-p1.

tags | remote, arbitrary, code execution
systems | freebsd
MD5 | ccd2161dff5274f9b0a3ec177c73b23e
FreeBSD Security Advisory 2002.44
Posted Jan 9, 2003
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-02:44 - FreeBSD 4.3 and later is vulnerable to a local denial of service attack due to a bug in the fpathconf system call which crashes the system by repeatedly calling fpathconf on a file descriptor until the reference count wraps to a negative value, then closing the file descriptor. See Pine-cert-20030101.txt for more information.

tags | local
systems | freebsd
MD5 | afc45e10c1049f4c6192cae828f02f2d
FreeBSD Security Advisory 2002.43
Posted Nov 19, 2002
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-02:43.bind - BIND 8 has two vulnerabilities. The BIND SIG Cached RR overflow allows a remote attacker to force a server with recursion enabled to execute arbitrary code with the privileges of the name server process. The BIND OPT DoS and BIND SIG Expiry Time DoS may cause a remote name server to crash.

tags | remote, overflow, arbitrary, vulnerability
systems | freebsd
MD5 | 692cf77764884df59e8d5338ab9fa59f
FreeBSD Security Advisory 2002.41
Posted Nov 17, 2002
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-02:41 - The sendmail Restricted Shell command (smrsh) contains errors in the handling of command arguments with "||" or spaces which allow the execution of commands outside of those in its target directory. Since command arguments may be specified in local users' '.forward' files, the smrsh restrictions may be bypassed using such files that are specially crafted.

tags | shell, local
systems | freebsd
MD5 | 56bc24cb1514d9e5c1f70e9ad3458284