FreeBSD Security Advisory FreeBSD-SA-01:57 - Sendmail contains an input validation error which may lead to the execution of arbitrary code as root by local users. Upgrade to 8.11.6.
bed188af5bfdd7efb668c67329a344bdb8e00d1441d38cbf72f74b9170f6eafbFreeBSD Security Advisory FreeBSD-SA-01:56 - Tcp_wrappers PARANOID option was not properly implemented and did not provide any more protection than regular host ACL's. This allows an attacker that can influence the results of reverse DNS lookups to get away with providing false information in his dns server.
ad80e6faf5a6c9ffb38faa496b3545f0d0fe76f6e412914ac56ca0b2f075ab46FreeBSD Security Advisory FreeBSD-SA-01:55 - The FreeBSD procfs can leak the memory of protected programs, including password hashes. The procfs code checks for gid kmem privilege when granting access to the /proc/<pid>/mem file - however, the code which is used to allow read-only access via the kmem group was incorrect, and inappropriately granted read access to the caller as long as they already had an open file descriptor for the procfs mem file. All released versions of FreeBSD 4.x including FreeBSD 4.3-RELEASE are vulnerable to this problem if the procfs filesystem is in use.
0a288600619eeb1888a92b14ed7fd19618b8ff990063c47f632e1cbb3627cff2FreeBSD Security Advisory FreeBSD-SA-01:54 - Three optional 3rd party telnetd daemons included in the FreeBSD ports collection have remote root vulnerabilities. They are MIT Kerberos V (security/krb5) prior to version 1.2.2_2, Heimdal (security/heimdal) prior to version 0.4b_1, and SSLtelnet (net/SSLtelnet) (not fixed yet).
e5956729554912a4ae3d2e89e5e280809207c76fef37e6bedae7efacadce2c90FreeBSD Security Advisory FreeBSD-SA-01:53 - Ipfw "me" rules sometimes pass more packets than the administrator realizes when used in conjunction with point-to-point interfaces. Do not use ipfw me, instead give explicit IP addresses.
a2d87cb7ab8f828d0959d0a851d6ddc776013123d5d1775133168ef5b53cc05dFreeBSD Security Advisory FreeBSD-SA-01:40 - The fts routines are vulnerable to a race condition when ascending a file hierarchy, which allows an attacker who has control over part of the hierarchy into which fts is descending to cause the application to ascend beyond the starting point of the file traversal, and enter other parts of the filesystem. If the fts routines are being used by an application to perform operations on the filesystem hierarchy, such as find(1) with a keyword such as -exec or -delete, or rm(1) with the -r flag, these operations can be incorrectly applied to files outside the intended hierarchy, which may result in system damage or compromise. All versions of FreeBSD prior to the correction date including 4.3-RELEASE are vulnerable to this problem.
1087d9a7ee3c61a0c63ce3f436fd87e2a0503f1603655ffc14376ef19a967eb0FreeBSD Security Advisory FreeBSD-SA-01:51.openssl - OpenSSL prior to v0.9.6b contains random number errors which allow the key to be computed. An attack taking advantage of this flaw has been identified that can recover the complete state of the PRNG from the output of one carefully sized PRNG request followed by a few hundred consecutive 1-byte PRNG requests.
241b617fae5c8dd7ddf0074d818f8e3e8a95d8944af97aa6cf25faa8b300157eFreeBSD Security Advisory FreeBSD-SA-01:39.tcp-isn - FreeBSD systems prior to 4.3-RELEASE contain vulnerabilities in the TCP ISN's. Protocols which authenticate solely based on IP address are vulnerable to blind spoofing attacks.
700f3059198dd27dcf3b53b265bad6f0fc17a276e98cf8ee1f2a96aa3ccd7ba9FreeBSD Security Advisory FreeBSD-SA-01:38.sudo - The sudo port, versions prior to sudo-1.6.3.7, contains a local command-line buffer overflow allowing local users to gain root privileges on the local system.
ee17e318cbfabdca5e6419afbcd93bf8c6e4b3fa76924d4ad7175977535f0963FreeBSD Security Advisory FreeBSD-SA-01:37.slrn - The slrn port, versions prior to slrn-0.9.7.0, contains a buffer overflow in the wrapping/unwrapping functions of message header parsing. If a sufficiently long header is parsed, a buffer may overflow allowing the execution of arbitrary code contained in a message header as the user running the slrn program.
10eadabec9a8b1d16ad4939869c7126222596ddd4abf6d163d490a36532df582FreeBSD Security Advisory FreeBSD-SA-01:36.samba - The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0, contain /tmp races that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world writable permission allowing any user to enter their own data.
83fe638951363ccd0063fc9691856f2ac00bfa75e1104a56acf4148f8d68d5c3FreeBSD Security Advisory FreeBSD-SA-01:35.licq - The licq port, versions prior to 1.0.3, contains a vulnerability in URL parsing. URLs received by the licq program are passed to the web browser using the system() function. Since licq performs no sanity checking, a remote attacker will be able to pipe commands contained in the URL causing the client to execute arbitrary commands.
aaa396a811cf768bab9589ce4c8251c23bc9dac97e476c3e35b94efa6a51e522FreeBSD Security Advisory FreeBSD-SA-01:34 - The hylafax port, versions prior to hylafax-4.1.b2_2, contains a format string bug in the hfaxd program. A local user may execute the hfaxd program with command-line arguments containing format string characters, gaining root privileges on the local system.
e2e3043bd622200fe9ab2ce74472e03447529ab973b612d2bc4f89be0afbfad5FreeBSD Security Advisory FreeBSD-SA-01:33 - The glob() function contains buffer overflows that are exploitable through the FTP daemon. If a directory with a name of a certain length is present, a remote user specifying a pathname using globbing characters may cause arbitrary code to be executed on the FTP server as user running ftpd, usually root. Additionally, when given a path containing numerous globbing characters, the glob() functions may consume significant system resources when expanding the path. This can be controlled by setting user limits via /etc/login.conf and setting limits on globbing expansion.
8aea5ad4592fa0042500e15dc47d91bc6db21f66c3891d0fd68df72d09b94fe3FreeBSD Security Advisory FreeBSD-SA-01:32.ipfilter - When matching a packet fragment, insufficient checks were performed to ensure the fragment is valid. In addition, the fragment cache is checked before any rules are checked. Even if all fragments are blocked with a rule, fragment cache entries can be created by packets that match currently held state information. Because of these discrepancies, certain packets may bypass filtering rules. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, contain this problem.
676d7b34644214514010b70aa759e96c9a540b745e87d5da8d0d7e0854b95fb7FreeBSD Security Advisory FreeBSD-SA-01:31.ntpd - An overflowable buffer exists in the ntpd daemon related to the building of a response for a query with a large readvar argument. Due to insufficient bounds checking, a remote attacker may be able to cause arbitrary code to be executed as the user running the ntpd daemon, usually root. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, and versions of the ntpd port prior to ntp-4.0.99k_2 contain this problem.
db62a64df5fc4a1f4b35e133e3e769d11a44d1101cdb9842fc7edcb3682a6e2cFreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs - A bug in the UFS filesystem allows users to obtain access to areas of the filesystem containing data from deleted files. The filesystem code is supposed to ensure that all filesystem blocks are zeroed before becoming available to user processes, but in a certain specific case this zeroing does not occur, and unzeroed blocks are passed to the user with their previous contents intact. Thus, if the block contains data which used to be part of a file or directory to which the user did not have access, the operation results in unauthorized access of data.
28062553c3721f91be4f08810986bf91bc9a87a82efa87d05c91000b3619552cFreeBSD Security Advisory FreeBSD-SA-01:29.rwhod - Malformed packets sent to the rwhod daemon via UDP port 513 could cause it to crash, thereby denying service to clients.
d0e5626fc0a114aca4d206ed884b059d29eb84f5db39bad6f452ffdbbdb3ec07FreeBSD Security Advisory FreeBSD-SA-01:28 - Malformed packets sent to the timed daemon on UDP port 525 could cause it to crash, thereby denying service to clients.
4b53ee36f6fd34c4b54d687a1dac18792fc95ea30d370ff8f2d80275bbbe55ffFreeBSD Security Advisory FreeBSD-SA-01:27 - The cfengine port, versions prior to 1.6.1, contained several format string vulnerabilities which allow a remote attacker to execute arbitrary code on the local system as the user running cfengine, usually user root.
a7f47cec624617cb484ffc0d9e3ccf954f580bd00348310894bd1aac303a4cd2FreeBSD Security Advisory FreeBSD-SA-01:26 - The interbase port has a hard coded backdoor which has full read and write access to databases stored on the server, and also gives the ability to write to arbitrary files on the server as the user running the interbase server (usually user root). Remote attackers may connect to the database on TCP port 3050.
a541aa5579236a77051e5dcbc2246ce72182fdea0f95eaace89c3acbd18ad1efFreeBSD Security Advisory FreeBSD-SA-01:23 - The icecast port, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.
e32a64dc0b3ab0cbabbdccc9b1c5ab6d87888e20dac4061a5944907543de4e36FreeBSD Security Advisory FreeBSD-SA-01:25 - Systems which have installed the optional Kerberos IV distribution are vulnerable to attacks via the telnet daemon due to an overflow in the libkrb KerberosIV authentication library and improper filtering of environmental variables by the KerberosIV-adapted telnet daemon.
f9a7aa773a778f96ba38dd1ff4ca14f8f41dbeeb995305ea23832d652efb4616FreeBSD Security Advisory FreeBSD-SA-01:24 - OpenSSH prior to v2.3.0p1 contains remote vulnerabilities.
c8d01ec11d4656a2768dbc2a418fdabf47ce3f917951c88bacd99e7807798064FreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
0b247d5f97114dcbe7da125fd3e8270ef6b0e8f6fe5c722c4ea4d9364d807536
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed