what you don't know can hurt you
Showing 1 - 25 of 1,239 RSS Feed

Operating System: FreeBSD

FreeBSD Security Advisory - FreeBSD-SA-20:03.thrmisc
Posted Jan 28, 2020
Authored by Ilja van Sprundel | Site security.freebsd.org

FreeBSD Security Advisory - The kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Sensitive kernel data may be disclosed.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-15875
MD5 | 7e92a03752692ff70b6e7dd6409f7f47
FreeBSD Security Advisory - FreeBSD-SA-20:02.ipsec
Posted Jan 28, 2020
Authored by Jean-Francois HREN | Site security.freebsd.org

FreeBSD Security Advisory - A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.

tags | advisory, protocol
systems | freebsd, bsd
advisories | CVE-2019-5613
MD5 | 37a3aeec30d9aab8277dcc9d5817d7c4
FreeBSD Security Advisory - FreeBSD-SA-20:01.libfetch
Posted Jan 28, 2020
Authored by Duncan Overbruck | Site security.freebsd.org

FreeBSD Security Advisory - A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution.

tags | advisory, web, overflow, code execution
systems | freebsd, bsd
advisories | CVE-2020-7450
MD5 | db7e06ba955fcce711123c791d179c85
FreeBSD fd Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.

tags | exploit, local, root
systems | freebsd, bsd
advisories | CVE-2019-5596
MD5 | 6426b023a6749568c0e3de1d4ba2531a
FreeBSD mqueuefs Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.

tags | exploit, local, root
systems | freebsd, bsd
MD5 | fa32a042469b8505c6692ec2c13703e4
FreeBSD Security Advisory - FreeBSD-SA-19:25.mcepsc
Posted Nov 12, 2019
Authored by InTeL | Site security.freebsd.org

FreeBSD Security Advisory - Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2018-12207
MD5 | 16e31a62d192ef837fe70cb34d0748be
FreeBSD Security Advisory - FreeBSD-SA-19:26.mcu
Posted Nov 12, 2019
Authored by InTeL | Site security.freebsd.org

FreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11135, CVE-2019-11139
MD5 | 3f292061289055eb717818fe052c4a7b
FreeBSD Security Advisory - FreeBSD-SA-19:23.midi
Posted Aug 22, 2019
Authored by Peter Holm, Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2019-5612
MD5 | 29b9c0f087b6c2dcd49d9c551ed487c4
FreeBSD Security Advisory - FreeBSD-SA-19:24.mqueuefs
Posted Aug 21, 2019
Authored by Karsten Konig | Site security.freebsd.org

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

tags | advisory, overflow, local, root
systems | freebsd, bsd
advisories | CVE-2019-5603
MD5 | 9cfd72e9cfbe028258e3db3b70d85035
FreeBSD Security Advisory - FreeBSD-SA-19:23.midi
Posted Aug 21, 2019
Authored by Peter Holm, Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2019-5612
MD5 | c9e90cd4eb3cd766c44e2948ca9b1513
FreeBSD Security Advisory - FreeBSD-SA-19:22.mbuf
Posted Aug 21, 2019
Authored by Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - Due do a missing check in the code of m_pulldown(9) data returned may not be contiguous as requested by the caller. Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS (denial-of-service) attack with certain Ethernet interfaces. At this point it is unknown if any other than the IPv6 code paths can trigger a similar condition.

tags | advisory, remote, kernel
systems | freebsd
advisories | CVE-2019-5611
MD5 | 9c1a75e0d06084604a7f5ea3a769e9e8
FreeBSD Security Advisory - FreeBSD-SA-19:21.bhyve
Posted Aug 6, 2019
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.

tags | advisory, overflow, tcp
systems | freebsd
advisories | CVE-2019-5609
MD5 | 26840b488f085103047559c3820eb233
FreeBSD Security Advisory - FreeBSD-SA-19:20.bsnmp
Posted Aug 6, 2019
Authored by Guido Vranken | Site security.freebsd.org

FreeBSD Security Advisory - A function extracting the length from type-length-value encoding is not properly validating the submitted length. A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd, bsd
advisories | CVE-2019-5610
MD5 | 6ef4969cfc02cf46cf589e659797306b
FreeBSD Security Advisory - FreeBSD-SA-19:19.mldv2
Posted Aug 6, 2019
Authored by CJD of Apple | Site security.freebsd.org

FreeBSD Security Advisory - The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

tags | advisory, remote, kernel
systems | freebsd
advisories | CVE-2019-5608
MD5 | 3dc4e82e186f7e320d7d6c4dfbf5493c
FreeBSD Security Advisory - FreeBSD-SA-19:18.bzip2
Posted Aug 6, 2019
Site security.freebsd.org

FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2016-3189, CVE-2019-12900
MD5 | 76087cf6669372fbf8909cd8f5d7ed6d
FreeBSD Security Advisory - FreeBSD-SA-19:17.fd
Posted Jul 25, 2019
Authored by Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

tags | advisory, local, root
systems | unix, freebsd, bsd
advisories | CVE-2019-5607
MD5 | 1a3189674b2fd461c7cc9af0c29d8185
FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve
Posted Jul 25, 2019
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2019-5604
MD5 | 71bf823754b425dc351c08e498f7d8ae
FreeBSD Security Advisory - FreeBSD-SA-19:15.mqueuefs
Posted Jul 25, 2019
Authored by Mateusz Guzik | Site security.freebsd.org

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

tags | advisory, overflow, local, root
systems | freebsd, bsd
advisories | CVE-2019-5603
MD5 | 17ac53321b9a37616cc3344652d76b23
FreeBSD Security Advisory - FreeBSD-SA-19:14.freebsd32
Posted Jul 25, 2019
Authored by Ilja van Sprundel | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-5605
MD5 | 5736cbc3b6e4753872fa443e695addc6
FreeBSD Security Advisory - FreeBSD-SA-19:13.pts
Posted Jul 25, 2019
Authored by syzkaller | Site security.freebsd.org

FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.

tags | advisory, kernel, root
systems | freebsd, bsd, osx
advisories | CVE-2019-5606
MD5 | bb73159089c28abc1e386b3526667139
FreeBSD Security Advisory - FreeBSD-SA-19:12.telnet
Posted Jul 24, 2019
Authored by Juniper Networks | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue. These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1).

tags | advisory, remote, overflow, arbitrary
systems | freebsd, bsd
advisories | CVE-2019-0053
MD5 | ab448af83d8c939a666a34e2fc68c7f5
FreeBSD Security Advisory - FreeBSD-SA-19:10.ufs
Posted Jul 3, 2019
Authored by David G. Lawrence | Site security.freebsd.org

FreeBSD Security Advisory - A bug causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. This data can be viewed by any user with read access to the directory. Additionally, a malicious user with write access to a directory can cause up to 254 bytes of kernel stack memory to be exposed. Some amount of the kernel stack is disclosed and written out to the filesystem.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-5601
MD5 | 46094c4f37df1255acbd646ec82e3d07
FreeBSD Security Advisory - FreeBSD-SA-19:11.cd_ioctl
Posted Jul 3, 2019
Authored by Alex Fortune | Site security.freebsd.org

FreeBSD Security Advisory - To implement one particular ioctl, the Linux emulation code used a special interface present in the cd(4) driver which allows it to copy subchannel information directly to a kernel address. This interface was erroneously made accessible to userland, allowing users with read access to a cd(4) device to arbitrarily overwrite kernel memory when some media is present in the device. A user in the operator group can make use of this interface to gain root privileges on a system with a cd(4) device when some media is present in the device.

tags | advisory, kernel, root
systems | linux, freebsd
advisories | CVE-2019-5602
MD5 | b564cb6482eb056f4f3410e971bced57
FreeBSD Security Advisory - FreeBSD-SA-19:09.iconv
Posted Jul 3, 2019
Authored by Andrea Venturoli | Site security.freebsd.org

FreeBSD Security Advisory - With certain inputs, iconv may write beyond the end of the output buffer. Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library function and the nature of possible attacks will depend on the way in which iconv is used by applications or daemons.

tags | advisory, remote, denial of service, code execution
systems | freebsd, bsd
advisories | CVE-2019-5600
MD5 | 7b79e911c86a0f9ff912dd1aa191a5f3
FreeBSD Security Advisory - FreeBSD-SA-19:08.rack
Posted Jun 21, 2019
Authored by Jonathan Looney | Site security.freebsd.org

FreeBSD Security Advisory - While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service. An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.

tags | advisory, denial of service, tcp
systems | freebsd, bsd
advisories | CVE-2019-5599
MD5 | 61bd1985fd9c500e680146f09bfc02c8
Page 1 of 50
Back12345Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close