exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from Reno Robert

FreeBSD Security Advisory - FreeBSD-SA-19:21.bhyve

Posted Aug 6, 2019

Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.

tags | advisory, overflow, tcp

systems | freebsd

advisories | CVE-2019-5609

SHA-256 | 5e5c704f8d1d9d95ef61652110af66385c6af7587e83674bd336e945b3308d47

Download | Favorite | View

FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve

Posted Jul 25, 2019

Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

tags | advisory

systems | freebsd, bsd

advisories | CVE-2019-5604

SHA-256 | 22ddae49f77be04a48b0ef2c715801539b562f34653337c23b52f4f5dfa1668b

Download | Favorite | View

FreeBSD Security Advisory - FreeBSD-SA-18:15.bootpd

Posted Dec 20, 2018

Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient validation of network-provided data it may be possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.

tags | advisory, remote, denial of service, overflow, code execution

systems | freebsd

advisories | CVE-2018-17161

SHA-256 | c02904f0ef3015af27b497e26383079f1472a0876e7c3cbb2cc3a462525449df

Download | Favorite | View

FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve

Posted Dec 6, 2018

Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) processing possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

tags | advisory, arbitrary, root, code execution

systems | freebsd, bsd

advisories | CVE-2018-17160

SHA-256 | 71b98c82206083a2417dbe32f786c2f87d53bf1da55a9b730d6093f5565c2c24

Download | Favorite | View