
Operating System: BSD

FreeBSD Security Advisory - FreeBSD-SA-18:12.elf
Posted Sep 13, 2018
Authored by Fraunhofer FKIE, Thomas Barabosch, Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be. Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2018-6924
MD5 | 00b792f169afd323a3ed205a6d9a506d

FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
Posted Aug 15, 2018
Authored by Juha-Matti Tilli | Site security.freebsd.org

FreeBSD Security Advisory - A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not necessary that the attacker be able to establish two-way communication to carry out these attacks. These attacks impact both IPv4 and IPv6 fragment reassembly. In the worst case, an attacker could send a stream of crafted fragments with a low packet rate which would consume a substantial amount of CPU. Other attack vectors allow an attacker to send a stream of crafted fragments which could consume a large amount of CPU or all available mbuf clusters on the system. These attacks could temporarily render a system unreachable through network interfaces or temporarily render a system unresponsive. The effects of the attack should clear within 60 seconds after the attack stops.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2018-6923
MD5 | 6d1a3e8fec6cb509fd14501d91ac75b5

FreeBSD Security Advisory - FreeBSD-SA-18:11.hostapd
Posted Aug 15, 2018
Authored by Mathy Vanhoef | Site security.freebsd.org

FreeBSD Security Advisory - When using WPA2, for EAPOL-Key frames with the Encrypted flag set and the MIC flag not set, the data field was decrypted first without verifying the MIC. When the data field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but decrypted data was subsequently processed. This opened wpa_supplicant(8) to abuse by decryption and recovery of sensitive information contained in EAPOL-Key messages. All users of the WPA2 TKIP pairwise cipher are vulnerable to information disclosure, for example, of the group key.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2018-14526
MD5 | 6161d24d13a49c91a2677cc51cfcb2a2

FreeBSD Security Advisory - FreeBSD-SA-18:09.l1tf
Posted Aug 15, 2018
Site security.freebsd.org

FreeBSD Security Advisory - On certain Intel 64-bit x86 systems there is a period of time during terminal fault handling where the CPU may use speculative execution to try to load data. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine.

tags | advisory, x86, kernel
systems | freebsd, bsd
advisories | CVE-2018-3620, CVE-2018-3646
MD5 | d2d8d94bd9c95b68c83e957598d1c85c

FreeBSD Security Advisory - FreeBSD-SA-18:08.tcp
Posted Aug 7, 2018
Authored by Juha-Matti Tilli | Site security.freebsd.org

FreeBSD Security Advisory - One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.

tags | advisory, tcp
systems | freebsd, bsd
advisories | CVE-2018-6922
MD5 | 0bdd64abf1fb28bb2f9ee045a5e2a080

FreeBSD Security Advisory - FreeBSD-SA-18:07.lazyfpu
Posted Jun 21, 2018
Authored by Julian Stecklina | Site security.freebsd.org

FreeBSD Security Advisory - A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.

tags | advisory, local
systems | freebsd, bsd
advisories | CVE-2018-3665
MD5 | 1f6a78529b67d0c29228595a5402e4ec

rldns 1.2
Posted May 11, 2018
Authored by Ringlayer | Site ringlayer.net

rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. It runs on x86 and x86_64 architectures.

Changes: Various updates.
tags | tool, x86
systems | linux, netbsd, unix, freebsd, bsd, openbsd
MD5 | 5b3cb3b9e8efbdc698d6294abcbf309d

FreeBSD Security Advisory - FreeBSD-SA-18:06.debugreg
Posted May 8, 2018
Authored by Nick Peterson | Site security.freebsd.org

FreeBSD Security Advisory - The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system.

tags | advisory, kernel, local
systems | freebsd, bsd
advisories | CVE-2018-8897
MD5 | 05c71c8dc70ff40f5b7968260285a503

FreeBSD Security Advisory - FreeBSD-SA-18:03.speculative_execution
Posted Mar 14, 2018
Authored by Jann Horn, Yuval Yarom, Michael Schwarz, Mike Hamburg, Moritz Lipp, Paul Kocher, Werner Haas, Thomas Prescher, Stefan Mangard, Daniel Gruss, Daniel Genkin | Site security.freebsd.org

FreeBSD Security Advisory - A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2017-5754
MD5 | a26c0e3e31cfe9f94c14cc22c3de9089

FreeBSD Update On Spectre / Meltdown Patching
Posted Jan 9, 2018
Authored by Gordon Tetlow

This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
MD5 | 3d8597163525c9232966500bae696d26

pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
Posted Dec 28, 2017
Authored by wetw0rk, Jared Stephens | Site metasploit.com

pfSense, a free BSD-based open source firewall distribution, versions 2.2.6 and below contain a post-authentication remote command execution vulnerability in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.

tags | exploit, remote, arbitrary, root, php
systems | bsd
MD5 | 9e31715f8e4cf15c616cd81794fa4e26

FreeBSD Security Advisory - FreeBSD-SA-17:12.openssl
Posted Dec 12, 2017
Site security.freebsd.org

FreeBSD Security Advisory - Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. Various other issues were addressed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-3737, CVE-2017-3738
MD5 | 3475ce3c92c45de6eb4652ec337d3e53

FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
Posted Oct 19, 2017
Authored by Mathy Vanhoef | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | dd1ceecd8830ca90a5666d6a9425ade7

FreeBSD 10.3 Jail SHM Issue
Posted Aug 16, 2017
Authored by WhiteWinterWolf

FreeBSD jail incompletely protects the access to the IPC primitives. The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC objects unprotected, making them reachable system-wide independently of the system configuration. Versions 7.0 through 10.3 are affected. Proof of concept included.

tags | exploit, proof of concept
systems | freebsd, bsd
MD5 | e7bb338f4932b0dcb05045dbf728194c

FreeBSD setrlimit Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD setrlimit stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1085
MD5 | 6eba2939821ab24edba2b623a0df6a80

FreeBSD FGPE Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD FGPE stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1084
MD5 | a5bf5e251c7b1182eb8d9d86a7cba5ec

FreeBSD FGPU Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD FGPU stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1084
MD5 | 4df3d0a41e548c26a0c180b85a467afb

FreeBSD Security Advisory - FreeBSD-SA-17:03.ntp
Posted Apr 12, 2017
Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, affecting the origin timestamp check function. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. A malicious device could send crafted messages, causing ntpd to crash. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service.

tags | advisory, remote, denial of service, spoof
systems | freebsd, bsd
advisories | CVE-2016-9042, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
MD5 | c169a99d362c1ddf8d4e9d7e28573bae

rldns 1.1
Posted Mar 23, 2017
Authored by Ringlayer | Site ringlayer.net

rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. It runs on x86 and x86_64 architectures.

Changes: Various updates.
tags | tool, x86
systems | linux, netbsd, unix, freebsd, bsd, openbsd
MD5 | fa1b4c747d0ea7b13c02993fbb0336e7

rldns 1.0
Posted Mar 13, 2017
Authored by Ringlayer | Site ringlayer.net

rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. It runs on x86 and x86_64 architectures.

tags | tool, x86
systems | linux, netbsd, unix, freebsd, bsd, openbsd
MD5 | 0ff54b024b64c4bf409da6fc84703fec

FreeBSD Security Advisory - FreeBSD-SA-17:02.openssl
Posted Feb 23, 2017
Site security.freebsd.org

FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | 61e028674e75cf79a6ef2b0daf4f97e0

FreeBSD Security Advisory - FreeBSD-SA-17:01.openssh
Posted Jan 11, 2017
Site security.freebsd.org

FreeBSD Security Advisory - The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across a forwarded agent-socket. When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. A remote attacker who has control of a forwarded agent-socket on a remote system and has the ability to write files on the system running the ssh-agent(1) agent can run arbitrary code under the same user credential. Because the attacker must already have some control on both systems, it is relatively hard to exploit this vulnerability in a practical attack. When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server.

tags | advisory, remote, arbitrary, root
systems | unix, freebsd, bsd
advisories | CVE-2016-10009, CVE-2016-10010
MD5 | 2022ff5492e80b6bf9eb7f85b3d2016f

FreeBSD Security Advisory - FreeBSD-SA-16.39.ntp
Posted Dec 21, 2016
Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in the NTP suite.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7431
MD5 | 758701c6c332f8937e8764717b895f4a

FreeBSD Security Advisory - FreeBSD-SA-16:24.ntp
Posted Jun 6, 2016
Site security.freebsd.org

FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in the NTP suite.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4957
MD5 | fce94472a944196f57b09c666a948569

ImageMagick Delegate Arbitrary Command Execution
Posted May 6, 2016
Authored by wvu, Nikolay Ermishkin, hdm, stewie | Site metasploit.com

This Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.

tags | exploit, shell
systems | linux, unix, bsd, apple, osx
MD5 | 673c4b90719c9b8a377e4c72d8396c29