FreeBSD Security Advisory FreeBSD-SA-02:44 - FreeBSD 4.3 and later is vulnerable to a local denial of service attack due to a bug in the fpathconf system call. A local user can crash the system by repeatedly calling fpathconf on a file descriptor until the reference count wraps to a negative value, then closing the file descriptor. See Pine-cert-20030101.txt for more information.
aacf0c83903b87562681466b20bcaa250cf0fb40cfd75e49cd68e3de7dbd5952
FreeBSD Security Advisory FreeBSD-SA-02:43.bind - BIND 8 has two vulnerabilities. The BIND SIG Cached RR overflow allows a remote attacker to force a server with recursion enabled to execute arbitrary code with the privileges of the name server process. The BIND OPT DoS and BIND SIG Expiry Time DoS may cause a remote name server to crash.
c6ffc36a671f6f5c4df06000d02ae9e77bad3e00ca4d79496cd912a7b2c3ff54
FreeBSD Security Advisory FreeBSD-SA-02:41 - The sendmail Restricted Shell command (smrsh) contains errors in the handling of command arguments with "||" or spaces which allow the execution of commands outside of those in its target directory. Since command arguments may be specified in local users' .forward files, the smrsh restrictions may be bypassed using specially crafted .forward files.
6f435e71ca899851ba23f0f5dac3c950a42b07a1bbd6700c4fab2e2199250a74
FreeBSD Security Advisory FreeBSD-SA-02:42 - Several libc functions --- including getaddrinfo(), gethostbyname(), getnetbyname(), and others --- utilize the DNS resolver functions res_search, res_query, and/or res_send which contain buffer overflow vulnerabilities which allow remote denial of service attacks against many applications.
1cdf791d166fa98998ba12602cfd1fd958f9553e41b786d6a8431d56df284d9b
FreeBSD Security Advisory FreeBSD-SA-02:40 - The Kerberos administrative servers, kadmind and k5admind, contain stack overflows that allow remote code execution as root from non-authenticated attackers. According to the MIT security team, there is evidence that this bug is being actively exploited.
a53b924c7f8aa4c605768a128d5b3a18c94db514f6e304190e2a87c9e3175aef
FreeBSD Security Advisory FreeBSD-SA-02:39 - The kvm(3) library, which provides a uniform interface for accessing kernel virtual memory images, leaves open file descriptors to /dev/mem and /dev/kmem, allowing other processes to read kernel memory and disclose sensitive information. Affected applications include asmon, ascpu, bubblemon, wmmon, and wmnet2.
f72b00ab99acc2936edb12f08a3e65add79a59f5621825156f3b6c59c5e8ac0d
FreeBSD Security Advisory FreeBSD-SA-02:38 - Several FreeBSD system calls can be called with large negative arguments, causing the kernel to return a large portion of kernel memory. Such memory often contains sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. Terminal buffers often include user entered passwords.
88ff433a239366f36acc2d774fe3b9e5da6d59cd8ec51ab272b0044ef9358119
FreeBSD Security Advisory FreeBSD-SA-02:37 - Local users can cause a kernel panic using the kqueue system. If a pipe was created with the pipe(2) system call, and one end of the pipe was closed, registering an EVFILT_WRITE filter on the other end would cause a kernel panic.
18ab150b52ce585a4c7a0ec2f65b535359a1e43a56079bd38c7a0cc792ed51b4
FreeBSD Security Advisory FreeBSD-SA-02:36 - A denial of service vulnerability has been discovered in FreeBSD NFS. A part of the NFS server code charged with handling incoming RPC messages had an error which, when the server received a message with a zero-length payload, would cause it to reference the payload from the previous message, creating a loop in the message chain. This would later cause an infinite loop in a different part of the NFS server code which tried to traverse the chain.
4fdb16c1217014bf315623bd4cf8b0cb08cc40ca829261bc2ec12ae5ef0b4aae
FreeBSD Security Advisory FreeBSD-SA-02:35 - FFS, the default FreeBSD filesystem, has an overflow in the maximum permitted FFS file size which allows users to create files that are larger than FreeBSD's virtual memory system can handle. The integer overflows that result when such files are accessed can map filesystem metadata into the user file, permitting access to arbitrary filesystem blocks. The bug is encountered only on FFS filesystems with a block size of 16k or greater on the i386 architecture, or 32k or greater on the alpha architecture.
5382dcd140d23381121af16e97a58b46adf01d26b3ac54205c8672080fc63de3
FreeBSD Security Advisory FreeBSD-SA-02:33 - OpenSSL prior to v0.9.6e contains several remotely exploitable buffer overflows, including errors in the handling of the client master key in the SSL2 protocol implementation; the handling of the session ID in the SSL3 protocol; and in the handling of buffers used for representing integers in ASCII on 64-bit platforms. Disabling the SSL2 protocol in server applications should render server exploits harmless. There is no known workaround for client applications.
83bbc8a0b3d5053c48708c3bfd3faa3d4dc05476ff101ba705ac7e26925b6084
FreeBSD Security Advisory FreeBSD-SA-02:34 - All releases of FreeBSD up to and including 4.6.1-RELEASE-p5 contain an error in the calculation of memory needed for unpacking arrays in the SunRPC XDR decoder, which results in a remotely exploitable heap overflow. Many RPC services are vulnerable, including NFS, the NIS server, rpc.statd and more.
76e33d674df2b311946bde6ac0d5ff86ca20d3bb6258a997eb245cdc6ed93f56
FreeBSD Security Advisory FreeBSD-SA-02:32 - The pppd program shipped with all releases of FreeBSD up to and including 4.6.1-RELEASE-p1 contains a race condition which can be exploited by local users to change the permissions of any file.
f09d3294360258453f1ac13605ed545115ba18426a55d3487333f205af45c75f
FreeBSD Security Advisory FreeBSD-SA-02:31 - OpenSSH included with FreeBSD-CURRENT between 2002-03-18 and 2002-06-25 has a remote root vulnerability because ChallengeResponseAuthentication is turned on by default.
95c8eacb9873f2fd53d933945c9f51ac0fb845249ac900809ad7f1f99002a160
FreeBSD Security Advisory FreeBSD-SA-02:29 - A buffer overflow has been found in tcpdump v3.7.1 and below which can be triggered through specially crafted NFS packets. Since tcpdump typically runs with root privileges, exploitation of this vulnerability can be used to remotely execute code on systems that are affected.
e80b102939576bd0557c204c249e44d533520aa46fd213b0c8a7af8d017ca2bd
FreeBSD Security Advisory FreeBSD-SA-02:30 - It is possible for normal users to trace processes from setuid / setgid programs that dropped their privileges, leading to the disclosure of sensitive information obtained by the process before the privileges were dropped. All releases prior to and including 4.6-RELEASE are affected.
3903dc01778d54fad0e514237a5847cdaf9e1713070ce70bff4f321a01df548b
FreeBSD Security Advisory FreeBSD-SA-02:28 - The resolver code in libc contains remotely exploitable buffer overflows which can be triggered by specially crafted DNS replies. Since practically all Internet applications utilize the resolver, the severity of this issue is high.
6b83374a39e412e4999a84b174fc3453b24b595ee4e431b7b09f863588791bbb
FreeBSD Security Advisory FreeBSD-SA-02:27 - The FreeBSD rc scripts allow users to remove the contents of arbitrary directories if the /tmp/.X11-unix directory does not already exist and the system can be enticed to reboot.
b4fbc7e2551b07468072eacaa7f05cac8d58f5064909295857e01e3c876cba04
FreeBSD Security Advisory FreeBSD-SA-02:26 - FreeBSD kernels compiled with accept() filters are vulnerable to a denial of service condition.
e19aca6cdf3a6b5d5e66fddf7410b68eacc39a4a11c4f26df42fe24f15409ddf
FreeBSD Security Advisory FreeBSD-SA-02:18 - A programming error in zlib may cause segments of dynamically allocated memory to be released more than once (double-freed), allowing attackers to send specially crafted data to applications that use zlib, crashing the application.
85e35fe5255d89e2e7899a233f71d3e506322b0209fc2a63fdfa86524f863db8
FreeBSD Security Advisory FreeBSD-SA-02:22 - Local users can cause the FreeBSD system to crash due to a bug in the virtual memory management system involving a failure to check for the existence of a VM object during page invalidation. This bug could be triggered by calling msync(2) on an anonymous, asynchronous memory map (i.e. created using the mmap flags MAP_ANON and MAP_NOSYNC) which had not been accessed previously, causing the system to crash.
2b5798f47b997adc1c458dfa79cf7e89c9a9e25de047108d39e3bd1df3fe48d5
FreeBSD Security Advisory FreeBSD-SA-02:23 - Setuid or setgid applications can be used for privilege elevation due to insecure handling of stdio file descriptors on FreeBSD releases up to and including 4.5-RELEASE. It is known that the 'keyinit' set-user-id program is exploitable using this method. This vulnerability was discovered by Joost Pol.
8f69bc483a1458f7d54a29d27b77175fcbf84e8323830e08f06dd00c8fae39cc
FreeBSD Security Advisory FreeBSD-SA-02:21 - A bug in the FreeBSD kernel's TCP/IP stack's processing of ICMP echo replies can be exploited to create new routing table entries which are never deallocated, using all available memory.
1b209ae5272e1c845302bb2943ef5557ae459d0b9bb2720c44291a59a7de1062
FreeBSD Security Advisory FreeBSD-SA-02:20 - Two denial of service vulnerabilities were found in the syn cookie implementation in FreeBSD. When a SYN was accepted via a syncookie, it used an uninitialized pointer to find the TCP options for the new socket. This pointer may be a null pointer, which will cause the machine to crash. In addition, restarting applications using syn cookie protected sockets can cause a reference to an old inpcb pointer, crashing the system.
8b6f4a7fd0cea3fb0298753657a3d2e32a940bde4640bc28a17a99e80f3479b2
FreeBSD Security Advisory FreeBSD-SA-02:19 - The squid port prior to version 2.4_9 contains a heap overflow in the DNS processing which can be triggered by a DNS server.
91374848fc4b60fd302d3d9e64d7e72562eb90b13c72f4cc24abe1d05f5dc737