FreeBSD Security Advisory FreeBSD-SA-01:34 - The hylafax port, versions prior to hylafax-4.1.b2_2, contains a format string bug in the hfaxd program. A local user may execute the hfaxd program with command-line arguments containing format string characters, gaining root privileges on the local system.
e2e3043bd622200fe9ab2ce74472e03447529ab973b612d2bc4f89be0afbfad5FreeBSD Security Advisory FreeBSD-SA-01:33 - The glob() function contains buffer overflows that are exploitable through the FTP daemon. If a directory with a name of a certain length is present, a remote user specifying a pathname using globbing characters may cause arbitrary code to be executed on the FTP server as user running ftpd, usually root. Additionally, when given a path containing numerous globbing characters, the glob() functions may consume significant system resources when expanding the path. This can be controlled by setting user limits via /etc/login.conf and setting limits on globbing expansion.
8aea5ad4592fa0042500e15dc47d91bc6db21f66c3891d0fd68df72d09b94fe3FreeBSD Security Advisory FreeBSD-SA-01:32.ipfilter - When matching a packet fragment, insufficient checks were performed to ensure the fragment is valid. In addition, the fragment cache is checked before any rules are checked. Even if all fragments are blocked with a rule, fragment cache entries can be created by packets that match currently held state information. Because of these discrepancies, certain packets may bypass filtering rules. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, contain this problem.
676d7b34644214514010b70aa759e96c9a540b745e87d5da8d0d7e0854b95fb7FreeBSD Security Advisory FreeBSD-SA-01:31.ntpd - An overflowable buffer exists in the ntpd daemon related to the building of a response for a query with a large readvar argument. Due to insufficient bounds checking, a remote attacker may be able to cause arbitrary code to be executed as the user running the ntpd daemon, usually root. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, and versions of the ntpd port prior to ntp-4.0.99k_2 contain this problem.
db62a64df5fc4a1f4b35e133e3e769d11a44d1101cdb9842fc7edcb3682a6e2cFreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs - A bug in the UFS filesystem allows users to obtain access to areas of the filesystem containing data from deleted files. The filesystem code is supposed to ensure that all filesystem blocks are zeroed before becoming available to user processes, but in a certain specific case this zeroing does not occur, and unzeroed blocks are passed to the user with their previous contents intact. Thus, if the block contains data which used to be part of a file or directory to which the user did not have access, the operation results in unauthorized access of data.
28062553c3721f91be4f08810986bf91bc9a87a82efa87d05c91000b3619552cFreeBSD Security Advisory FreeBSD-SA-01:29.rwhod - Malformed packets sent to the rwhod daemon via UDP port 513 could cause it to crash, thereby denying service to clients.
d0e5626fc0a114aca4d206ed884b059d29eb84f5db39bad6f452ffdbbdb3ec07FreeBSD Security Advisory FreeBSD-SA-01:28 - Malformed packets sent to the timed daemon on UDP port 525 could cause it to crash, thereby denying service to clients.
4b53ee36f6fd34c4b54d687a1dac18792fc95ea30d370ff8f2d80275bbbe55ffFreeBSD Security Advisory FreeBSD-SA-01:27 - The cfengine port, versions prior to 1.6.1, contained several format string vulnerabilities which allow a remote attacker to execute arbitrary code on the local system as the user running cfengine, usually user root.
a7f47cec624617cb484ffc0d9e3ccf954f580bd00348310894bd1aac303a4cd2FreeBSD Security Advisory FreeBSD-SA-01:26 - The interbase port has a hard coded backdoor which has full read and write access to databases stored on the server, and also gives the ability to write to arbitrary files on the server as the user running the interbase server (usually user root). Remote attackers may connect to the database on TCP port 3050.
a541aa5579236a77051e5dcbc2246ce72182fdea0f95eaace89c3acbd18ad1efFreeBSD Security Advisory FreeBSD-SA-01:23 - The icecast port, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.
e32a64dc0b3ab0cbabbdccc9b1c5ab6d87888e20dac4061a5944907543de4e36FreeBSD Security Advisory FreeBSD-SA-01:25 - Systems which have installed the optional Kerberos IV distribution are vulnerable to attacks via the telnet daemon due to an overflow in the libkrb KerberosIV authentication library and improper filtering of environmental variables by the KerberosIV-adapted telnet daemon.
f9a7aa773a778f96ba38dd1ff4ca14f8f41dbeeb995305ea23832d652efb4616FreeBSD Security Advisory FreeBSD-SA-01:24 - OpenSSH prior to v2.3.0p1 contains remote vulnerabilities.
c8d01ec11d4656a2768dbc2a418fdabf47ce3f917951c88bacd99e7807798064FreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
0b247d5f97114dcbe7da125fd3e8270ef6b0e8f6fe5c722c4ea4d9364d807536FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.
1a869b62905af8904b8403041846cf5d771ff31293af4c383220241db9779734FreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.
82dc603952f8799c8d452e6428abd2aef95221b5e642ce2ef35c1ff993c0c960FreeBSD Security Advisory FreeBSD-SA-01:19 - The ja-xklock port, versions 2.7.1 and earlier, contains an exploitable buffer overflow. Because the xklock program is also setuid root, unprivileged local users may gain root privileges on the local system.
3c6cd6aa00e8cf396936b0c72ab70929ad0b9c020f6adcef73f20aabb1587858FreeBSD Security Advisory FreeBSD-SA-01:11 - The ident server included with FreeBSD inetd contains a vulnerability which allows remote users to read the first 16 bytes of files which are accessible by group wheel. The inetd internal ident server is not enabled by default - if you have not enabled the ident portion of inetd, you are not vulnerable.
6273536180124ce566ee041fbe174c87037903e5135ad44363d389827459892eFreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
a86476e1628aed06b3b85bb5a0723201799197b19fa72a9457265207364bde18FreeBSD Security Advisory FreeBSD-SA-01:10 - A vulnerability exists with the bind nameserver prior to v8.2.3-REL which allows remote attackers to execute arbitrary code as root.
d045fe7d70cc4c35244fc03cf6f26e6408e42a804a5cb6915ef7e3e3aa2fa584FreeBSD Security Advisory FreeBSD-SA-01:18 - An overflowable buffer related to the processing of transaction signatures (TSIG) exists in all versions of BIND prior to 8.2.3-RELEASE. The vulnerability is exploitable regardless of configuration options and affects both recursive and non-recursive DNS servers.
5e91111bb54539b59b65f448d0e27bdf893cd206dcbc161e9c6cb098614fea12FreeBSD Security Advisory FreeBSD-SA-01:17 - The exmh2 port, versions prior to 2.3.1, contains a local temp file vulnerability at startup.
96e5fe291b7642d9f29512df60460e31d894dace776d62f0a211213e29fe1b65FreeBSD Security Advisory FreeBSD-SA-01:16 - The mysql323-server port, versions prior to 3.23.22, and all mysql322-server ports contain remote vulnerabilities. Due to a buffer overflow, a malicious remote user can access to all databases and have the ability to leverage other local attacks as the mysqld user.
5042f4f9576393ff5bc422e393f0fbdaa672752e9ceb13bc6bcfd9a7faf4f68fFreeBSD Security Advisory FreeBSD-SA-01:15 - The tinyproxy port, versions prior to 1.3.3a, contains remote vulnerabilities: due to a heap overflow, malicious remote users can cause arbitrary code to be executed as the user running tinyproxy.
8ab124d8f193e2fd06bc0b8a238ccead0da8be819e9e440d63812f0b175b987fFreeBSD Security Advisory FreeBSD-SA-01:14 - The micq port, versions prior to 0.4.6.1, contains a remote vulnerability: due to a buffer overflow, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system with the privileges of the micq process.
691e5322ca5bbc8ac5680820e80dcfdccf4028b1db7857e4b583b367041adc19FreeBSD Security Advisory FreeBSD-SA-01:07 - The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple vulnerabilities that may allow local or remote users to cause a denial of service attack against a vulnerable X server. Additionally, local users can often obtain elevated privileges. A malformed packet to TCP port 6000 causes the X server to freeze for several minutes. Due to various coding flaws in libX11, privileged programs linked against libX11 allow local users to obtain privileged access. In addition, any application using libICE to listen on a network port can be crashed due to inadequate bounds checking in libICE.
f38b8c5e38dd0bfd7f6a70b76bcfecc7bdd44b20ce9d030ccf9afb74f2db810d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed