FreeBSD Security Advisory FreeBSD-SA-01:59 - The infrequently used rmuser command exposes the master.passwd file to all users for an instant.
45d58a81cf33c8b0c5bbeb03f86e5520d0c454827c9ad2b0ea45917766b6295fFreeBSD Security Advisory FreeBSD-SA-01:58 - Users on the local machine or on remote systems which are allowed to access the local line printer daemon may be able to cause a buffer overflow. Submitting a specially-crafted incomplete print job and subsequently requesting a display of the printer queue, a static buffer overflow may be triggered, causing arbitrary code to be executed on the machine as root. In order to remotely exploit this vulnerability, the remote machine must be given access to the local printer daemon via a hostname entry in /etc/hosts.lpd or /etc/hosts.equiv. lpd is not enabled on FreeBSD by default.
840cb12218a791d933dd62c507535a88975344fe0b8c5ee583d5b7dd5bcfc089FreeBSD Security Advisory FreeBSD-SA-01:57 - Sendmail contains an input validation error which may lead to the execution of arbitrary code as root by local users. Upgrade to 8.11.6.
bed188af5bfdd7efb668c67329a344bdb8e00d1441d38cbf72f74b9170f6eafbFreeBSD Security Advisory FreeBSD-SA-01:56 - Tcp_wrappers PARANOID option was not properly implemented and did not provide any more protection than regular host ACL's. This allows an attacker that can influence the results of reverse DNS lookups to get away with providing false information in his dns server.
ad80e6faf5a6c9ffb38faa496b3545f0d0fe76f6e412914ac56ca0b2f075ab46FreeBSD Security Advisory FreeBSD-SA-01:55 - The FreeBSD procfs can leak the memory of protected programs, including password hashes. The procfs code checks for gid kmem privilege when granting access to the /proc/<pid>/mem file - however, the code which is used to allow read-only access via the kmem group was incorrect, and inappropriately granted read access to the caller as long as they already had an open file descriptor for the procfs mem file. All released versions of FreeBSD 4.x including FreeBSD 4.3-RELEASE are vulnerable to this problem if the procfs filesystem is in use.
0a288600619eeb1888a92b14ed7fd19618b8ff990063c47f632e1cbb3627cff2FreeBSD Security Advisory FreeBSD-SA-01:54 - Three optional 3rd party telnetd daemons included in the FreeBSD ports collection have remote root vulnerabilities. They are MIT Kerberos V (security/krb5) prior to version 1.2.2_2, Heimdal (security/heimdal) prior to version 0.4b_1, and SSLtelnet (net/SSLtelnet) (not fixed yet).
e5956729554912a4ae3d2e89e5e280809207c76fef37e6bedae7efacadce2c90FreeBSD Security Advisory FreeBSD-SA-01:53 - Ipfw "me" rules sometimes pass more packets than the administrator realizes when used in conjunction with point-to-point interfaces. Do not use ipfw me, instead give explicit IP addresses.
a2d87cb7ab8f828d0959d0a851d6ddc776013123d5d1775133168ef5b53cc05dFreeBSD Security Advisory FreeBSD-SA-01:40 - The fts routines are vulnerable to a race condition when ascending a file hierarchy, which allows an attacker who has control over part of the hierarchy into which fts is descending to cause the application to ascend beyond the starting point of the file traversal, and enter other parts of the filesystem. If the fts routines are being used by an application to perform operations on the filesystem hierarchy, such as find(1) with a keyword such as -exec or -delete, or rm(1) with the -r flag, these operations can be incorrectly applied to files outside the intended hierarchy, which may result in system damage or compromise. All versions of FreeBSD prior to the correction date including 4.3-RELEASE are vulnerable to this problem.
1087d9a7ee3c61a0c63ce3f436fd87e2a0503f1603655ffc14376ef19a967eb0FreeBSD Security Advisory FreeBSD-SA-01:52 - Remote users may be able to prevent a FreeBSD system from communicating with other systems on the network by transmitting large numbers of fragmented IPv4 datagrams. For the attack to be effective, the attacker must have a high-bandwidth connection to the target system. IP datagram fragments destined to the target system will be queued for 30 seconds, to allow fragmented datagrams to be reassembled. There was no upper limit in the number of reassembly queues. Therefore, a malicious party may be able to transmit a lot of bogus fragmented datagrams (with different IPv4 identification field) and cause the target system to exhaust its mbuf pool, preventing further network traffic processing or generation while the starvation condition continues.
2972addf4a608d78056fb160604edc584e28bdaa94b04465877d6a8a8703c371FreeBSD Security Advisory FreeBSD-SA-01_50 - The windowmaker ports, versions prior to windowmaker-0.65.0_2 and windowmaker-i18n-0.65.0_1, contain a potentially exploitable buffer overflow when displaying a very long window title in the window list menu. Since programs such as web browsers will include the contents of a webpage's title tag in window titles, this problem may allow authors of malicious webpages to cause windowmaker to crash and potentially execute arbitrary code as the user running windowmaker.
f5f9cbaff9ebb65ced3a13b3c86bdd040d1610658fabba9d5dff8d9042bfe8e7FreeBSD Security Advisory FreeBSD-SA-01:49 - An overflowable buffer was found in the version of telnetd included with FreeBSD. Due to incorrect bounds checking of data buffered for output to the remote client, an attacker can cause the telnetd process to overflow the buffer and crash, or execute arbitrary code as the user running telnetd, usually root. A valid user account and password is not required to exploit this vulnerability, only the ability to connect to a telnetd server. The telnetd service is enabled by default on all FreeBSD installations if the 'high' security setting is not selected at install-time. This vulnerability is known to be exploitable, and is being actively exploited in the wild. All released versions of FreeBSD prior to the correction date including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this problem.
9c1445cec7a0d6ec09dada59a4d65d65632fc6cb6348d8ffeb707e4260bb06b7FreeBSD Security Advisory FreeBSD-SA-01:48 - An overflowable buffer was found in the version of tcpdump included with FreeBSD 4.x. Due to incorrect string length handling in the decoding of AFS RPC packets, a remote user may be able to overflow a buffer causing the local tcpdump process to crash. In addition, it may be possible to execute arbitrary code with the privileges of the user running tcpdump, often root.
9a822bec0fcd7051f39647d8d5f8c4fdefd0fa597a5a930cbfe8581b2738de6fFreeBSD Security Advisory FreeBSD-SA-01:47 - The xinetd port, versions prior to xinetd-2.3.0, contains a potentially exploitable buffer overflow in the logging routines. If xinetd is configured to log the userid of remote clients obtained via the RFC1413 ident service, a remote user may be able to cause xinetd to crash by returning a specially-crafted ident response. This may also potentially execute arbitrary code as the user running xinetd, normally root.
eccfcea8d2ee4eab56c39fb1af4bb79cb8e037169f4831c3514d687c16af83b4FreeBSD Security Advisory FreeBSD-SA-01:46 - The w3m port, versions prior to w3m-0.2.1_1, contains a buffer overflow in the parsing of MIME headers. A malicious server which is visited by a user with the w3m browser can exploit the browser security holes in order to execute arbitrary code on the local machine as the local user.
e0a43372bad9d7749bdcf363380729a9a5451d15ef8149646d3b8984982832b2FreeBSD Security Advisory FreeBSD-SA-01_45 - The samba ports, versions prior to samba-2.0.10, samba-devel-2.2.0a, and ja-samba-2.0.9.j1.0_1, fail to properly validate NetBIOS names. Sending a specially crafted NetBIOS name containing unix path characters, a remote user may be able to cause the samba server to write the log files to arbitrary locations on the local filesystems.
c3e99512614ab0dff34a38b9cfb9ed1f616023df53de84a83f02728b336d9ec3FreeBSD Security Advisory FreeBSD-SA-01:44 - The gnupg port, versions prior to gnupg-1.0.6, contains a format string vulnerability. If gnupg attempts to decrypt a file whose filename does not end in '.gpg', the filename is copied to the prompt string, allowing a user-supplied format string. This may allow a malicious user to cause arbitrary code to be executed as the user running gnupg.
30fcf073612ca484650733359c5dc934eb0bca1ab927c014077ef1b77b09da2fFreeBSD Security Advisory FreeBSD-SA-01:43 - The fetchmail port, versions prior to fetchmail-5.8.6, contains a potentially exploitable buffer overflow when rewriting headers longer than 512 bytes. This problem may allow remote users to cause fetchmail to crash and potentially execute arbitrary code as the user running fetchmail.
0ce42eb29df0ee11755da8eb304904f95adb31e6e6856b57c3c372a659305744FreeBSD Security Advisory FreeBSD-SA-01:42 - A flaw exists in FreeBSD signal handler clearing that would allow for some signal handlers to remain in effect after the exec. Most of the signals were cleared, but some signal handlers were not. This allowed an attacker to execute arbitrary code in the context of a setuid binary. All versions of 4.x prior to the correction date including and 4.3-RELEASE are vulnerable to this problem.
e5355fe831c6a5d26c53474d7ecbf52ae5441d2812933d8a8e46f1f1e1730760FreeBSD Security Advisory FreeBSD-SA-01:41 - The hanterm binary is installed with setuid root permissions, but contains insecure code which allows unprivileged local users to obtain root access on the local system.
61c26ff5be9c094bd4598f02b374f1f3a82a7d93409d3b8d57c3e0d82b1d810cFreeBSD Security Advisory FreeBSD-SA-01:51.openssl - OpenSSL prior to v0.9.6b contains random number errors which allow the key to be computed. An attack taking advantage of this flaw has been identified that can recover the complete state of the PRNG from the output of one carefully sized PRNG request followed by a few hundred consecutive 1-byte PRNG requests.
241b617fae5c8dd7ddf0074d818f8e3e8a95d8944af97aa6cf25faa8b300157eFreeBSD Security Advisory FreeBSD-SA-01:39.tcp-isn - FreeBSD systems prior to 4.3-RELEASE contain vulnerabilities in the TCP ISN's. Protocols which authenticate solely based on IP address are vulnerable to blind spoofing attacks.
700f3059198dd27dcf3b53b265bad6f0fc17a276e98cf8ee1f2a96aa3ccd7ba9FreeBSD Security Advisory FreeBSD-SA-01:38.sudo - The sudo port, versions prior to sudo-1.6.3.7, contains a local command-line buffer overflow allowing local users to gain root privileges on the local system.
ee17e318cbfabdca5e6419afbcd93bf8c6e4b3fa76924d4ad7175977535f0963FreeBSD Security Advisory FreeBSD-SA-01:37.slrn - The slrn port, versions prior to slrn-0.9.7.0, contains a buffer overflow in the wrapping/unwrapping functions of message header parsing. If a sufficiently long header is parsed, a buffer may overflow allowing the execution of arbitrary code contained in a message header as the user running the slrn program.
10eadabec9a8b1d16ad4939869c7126222596ddd4abf6d163d490a36532df582FreeBSD Security Advisory FreeBSD-SA-01:36.samba - The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0, contain /tmp races that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world writable permission allowing any user to enter their own data.
83fe638951363ccd0063fc9691856f2ac00bfa75e1104a56acf4148f8d68d5c3FreeBSD Security Advisory FreeBSD-SA-01:35.licq - The licq port, versions prior to 1.0.3, contains a vulnerability in URL parsing. URLs received by the licq program are passed to the web browser using the system() function. Since licq performs no sanity checking, a remote attacker will be able to pipe commands contained in the URL causing the client to execute arbitrary commands.
aaa396a811cf768bab9589ce4c8251c23bc9dac97e476c3e35b94efa6a51e522
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed