what you don't know can hurt you
Showing 1 - 25 of 1,218 RSS Feed

Operating System: FreeBSD

FreeBSD Security Advisory - FreeBSD-SA-19:10.ufs
Posted Jul 3, 2019
Authored by David G. Lawrence | Site security.freebsd.org

FreeBSD Security Advisory - A bug causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. This data can be viewed by any user with read access to the directory. Additionally, a malicious user with write access to a directory can cause up to 254 bytes of kernel stack memory to be exposed. Some amount of the kernel stack is disclosed and written out to the filesystem.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2019-5601
MD5 | 46094c4f37df1255acbd646ec82e3d07
FreeBSD Security Advisory - FreeBSD-SA-19:11.cd_ioctl
Posted Jul 3, 2019
Authored by Alex Fortune | Site security.freebsd.org

FreeBSD Security Advisory - To implement one particular ioctl, the Linux emulation code used a special interface present in the cd(4) driver which allows it to copy subchannel information directly to a kernel address. This interface was erroneously made accessible to userland, allowing users with read access to a cd(4) device to arbitrarily overwrite kernel memory when some media is present in the device. A user in the operator group can make use of this interface to gain root privileges on a system with a cd(4) device when some media is present in the device.

tags | advisory, kernel, root
systems | linux, freebsd
advisories | CVE-2019-5602
MD5 | b564cb6482eb056f4f3410e971bced57
FreeBSD Security Advisory - FreeBSD-SA-19:09.iconv
Posted Jul 3, 2019
Authored by Andrea Venturoli | Site security.freebsd.org

FreeBSD Security Advisory - With certain inputs, iconv may write beyond the end of the output buffer. Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library function and the nature of possible attacks will depend on the way in which iconv is used by applications or daemons.

tags | advisory, remote, denial of service, code execution
systems | freebsd, bsd
advisories | CVE-2019-5600
MD5 | 7b79e911c86a0f9ff912dd1aa191a5f3
FreeBSD Security Advisory - FreeBSD-SA-19:08.rack
Posted Jun 21, 2019
Authored by Jonathan Looney | Site security.freebsd.org

FreeBSD Security Advisory - While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service. An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.

tags | advisory, denial of service, tcp
systems | freebsd, bsd
advisories | CVE-2019-5599
MD5 | 61bd1985fd9c500e680146f09bfc02c8
Linux / FreeBSD TCP-Based Denial Of Service
Posted Jun 18, 2019
Authored by Jonathan Looney | Site netflix.com

Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed _"SACK Panic_," allows a remotely-triggered kernel panic on recent Linux kernels. There are patches that address most of these vulnerabilities. If patches can not be applied, certain mitigations will be effective.

tags | advisory, kernel, tcp, vulnerability
systems | linux, freebsd, bsd
advisories | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-5599
MD5 | 2c46702ff7e7c931dd0a108fe8cfe05d
FreeBSD rtld execl() Privilege Escalation
Posted May 22, 2019
Authored by stealth, Kingcope | Site metasploit.com

This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.

tags | exploit, arbitrary, code execution
systems | freebsd, bsd
advisories | CVE-2009-4146, CVE-2009-4147
MD5 | 8389e3a76ad8302ffe4213d460a38deb
FreeBSD Security Advisory - FreeBSD-SA-19:07.mds
Posted May 15, 2019
Site security.freebsd.org

FreeBSD Security Advisory - On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser).

tags | advisory, web, kernel, local
systems | freebsd, bsd
advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
MD5 | f3d49ad33dba5d63cb9cccec7a4b379e
FreeBSD Security Advisory - FreeBSD-SA-19:06.pf
Posted May 15, 2019
Authored by Synacktiv | Site security.freebsd.org

FreeBSD Security Advisory - States in pf(4) let ICMP and ICMP6 packets pass if they have a packet in their payload matching an existing condition. pf(4) does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet. A maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2019-5598
MD5 | e3e8d4e9aa9533a9ffc33b450c1d1e5e
FreeBSD Security Advisory - FreeBSD-SA-19:05.pf
Posted May 15, 2019
Authored by Synacktiv | Site security.freebsd.org

FreeBSD Security Advisory - A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet. Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filtering rule bypass.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2019-5597
MD5 | daaa024c3464b4ca624b91c213124dcb
FreeBSD Security Advisory - FreeBSD-SA-19:04.ntp
Posted May 15, 2019
Authored by Magnus Stubman | Site security.freebsd.org

FreeBSD Security Advisory - A crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference. Note for this attack to work, the sending system must be on an address from which the target ntpd(8) accepts mode 6 packets, and must use a private key that is specifically listed as being used for mode 6 authorization. The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2019-8936
MD5 | 393da78d6518960d9582bc59fa803d36
FreeBSD Security Advisory - FreeBSD-SA-19:03.wpa
Posted May 15, 2019
Site security.freebsd.org

FreeBSD Security Advisory - Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497
MD5 | 71ae117c46b8fba957049dd0f7eb8d5a
FreeBSD Intel SYSRET Privilege Escalation
Posted Mar 7, 2019
Authored by Rafal Wojtczuk, Brendan Coles, John Baldwin, iZsh | Site metasploit.com

This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution.

tags | exploit, x86, kernel, code execution
systems | freebsd, bsd
advisories | CVE-2012-0217
MD5 | 3c4bc514cf25ebc9c86255e4a4f4d06e
FreeBSD Security Advisory - FreeBSD-SA-19:02.fd
Posted Feb 6, 2019
Authored by Peter Holm | Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the kernel handles the truncation case by closing descriptors referenced by the discarded message. The code which performs this operation failed to release a reference obtained on the file corresponding to a received right. This bug can be used to cause the reference counter to wrap around and free the file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

tags | advisory, kernel, local, root
systems | freebsd
advisories | CVE-2019-5596
MD5 | d2a5625f6a6acebfab7130396aaad041
FreeBSD Security Advisory - FreeBSD-SA-19:01.syscall
Posted Feb 6, 2019
Authored by Konstantin Belousov | Site security.freebsd.org

FreeBSD Security Advisory - The callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Typically an address of some kernel data structure used in the syscall implementation, is exposed.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2019-5595
MD5 | 4fa532c6e04c2f256ea9ead2ce8d94a8
FreeBSD Security Advisory - FreeBSD-SA-18:15.bootpd
Posted Dec 20, 2018
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient validation of network-provided data it may be possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.

tags | advisory, remote, denial of service, overflow, code execution
systems | freebsd
advisories | CVE-2018-17161
MD5 | 88112b48fbe7ec1d8945f0322a19ff3f
FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve
Posted Dec 6, 2018
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) processing possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

tags | advisory, arbitrary, root, code execution
systems | freebsd, bsd
advisories | CVE-2018-17160
MD5 | 7dc5a9cc50e7bfcc59073a947a869ea7
FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
Posted Nov 28, 2018
Authored by Jakub Jirasek | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.

tags | advisory, remote, denial of service, arbitrary, code execution
systems | freebsd, bsd
advisories | CVE-2018-17157, CVE-2018-17158, CVE-2018-17159
MD5 | c429bab0bdb3143934610a88f982eccd
FreeBSD Security Advisory - FreeBSD-SA-18:12.elf
Posted Sep 13, 2018
Authored by Fraunhofer FKIE, Thomas Barabosch, Mark Johnston | Site security.freebsd.org

FreeBSD Security Advisory - Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be. Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory.

tags | advisory, kernel
systems | freebsd, bsd
advisories | CVE-2018-6924
MD5 | 00b792f169afd323a3ed205a6d9a506d
FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
Posted Aug 15, 2018
Authored by Juha-Matti Tilli | Site security.freebsd.org

FreeBSD Security Advisory - A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not necessary that the attacker be able to establish two-way communication to carry out these attacks. These attacks impact both IPv4 and IPv6 fragment reassembly. In the worst case, an attacker could send a stream of crafted fragments with a low packet rate which would consume a substantial amount of CPU. Other attack vectors allow an attacker to send a stream of crafted fragments which could consume a large amount of CPU or all available mbuf clusters on the system. These attacks could temporarily render a system unreachable through network interfaces or temporarily render a system unresponsive. The effects of the attack should clear within 60 seconds after the attack stops.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2018-6923
MD5 | 6d1a3e8fec6cb509fd14501d91ac75b5
FreeBSD Security Advisory - FreeBSD-SA-18:11.hostapd
Posted Aug 15, 2018
Authored by Mathy Vanhoef | Site security.freebsd.org

FreeBSD Security Advisory - When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the dta field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but decrypted data was subsequently processed. This opened wpa_supplicant(8) to abuse by decryption and recovery of sensitive information contained in EAPOL-Key messages. All users of the WPA2 TKIP pairwise cipher are vulnerable to information, for example, the group key.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2018-14526
MD5 | 6161d24d13a49c91a2677cc51cfcb2a2
FreeBSD Security Advisory - FreeBSD-SA-18:09.l1tf
Posted Aug 15, 2018
Site security.freebsd.org

FreeBSD Security Advisory - On certain Intel 64-bit x86 systems there is a period of time during terminal fault handling where the CPU may use speculative execution to try to load data. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine.

tags | advisory, x86, kernel
systems | freebsd, bsd
advisories | CVE-2018-3620, CVE-2018-3646
MD5 | d2d8d94bd9c95b68c83e957598d1c85c
FreeBSD Security Advisory - FreeBSD-SA-18:08.tcp
Posted Aug 7, 2018
Authored by Juha-Matti Tilli | Site security.freebsd.org

FreeBSD Security Advisory - One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.

tags | advisory, tcp
systems | freebsd, bsd
advisories | CVE-2018-6922
MD5 | 0bdd64abf1fb28bb2f9ee045a5e2a080
FreeBSD Security Advisory - FreeBSD-SA-18:07.lazyfpu
Posted Jun 21, 2018
Authored by Julian Stecklina | Site security.freebsd.org

FreeBSD Security Advisory - A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.

tags | advisory, local
systems | freebsd, bsd
advisories | CVE-2018-3665
MD5 | 1f6a78529b67d0c29228595a5402e4ec
rldns 1.2
Posted May 11, 2018
Authored by Ringlayer | Site ringlayer.net

rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures.

Changes: Various updates.
tags | tool, x86
systems | linux, netbsd, unix, freebsd, bsd, openbsd
MD5 | 5b3cb3b9e8efbdc698d6294abcbf309d
FreeBSD Security Advisory - FreeBSD-SA-18:06.debugreg
Posted May 8, 2018
Authored by Nick Peterson | Site security.freebsd.org

FreeBSD Security Advisory - The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system.

tags | advisory, kernel, local
systems | freebsd, bsd
advisories | CVE-2018-8897
MD5 | 05c71c8dc70ff40f5b7968260285a503
Page 1 of 49
Back12345Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close