seeing is believing
Showing 1 - 25 of 1,181 RSS Feed

Operating System: FreeBSD

FreeBSD setrlimit Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD setrlimit stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1085
MD5 | 6eba2939821ab24edba2b623a0df6a80
FreeBSD FGPE Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD FGPE stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1084
MD5 | a5bf5e251c7b1182eb8d9d86a7cba5ec
FreeBSD FGPU Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD FGPU stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1084
MD5 | 4df3d0a41e548c26a0c180b85a467afb
FreeBSD Security Advisory - FreeBSD-SA-17:04.ipfilter
Posted Apr 27, 2017
Authored by Cy Schubert | Site security.freebsd.org

FreeBSD Security Advisory - ipfilter(4), capable of stateful packet inspection, using the "keep state" or "keep frags" rule options, will not only maintain the state of connections, such as TCP streams or UDP communication, it also maintains the state of fragmented packets. When a packet fragments are received they are cached in a hash table (and linked list). When a fragment is received it is compared with fragments already cached in the hash table for a match. If it does not match the new entry is used to create a new entry in the hash table. If on the other hand it does match, unfortunately the wrong entry is freed, the entry in the hash table. This results in use after free panic (and for a brief moment prior to the panic a memory leak due to the wrong entry being freed). Carefully feeding fragments that are allowed to pass by an ipfilter(4) firewall can be used to cause a panic followed by reboot loop denial of service attack.

tags | advisory, denial of service, udp, tcp, memory leak
systems | freebsd
advisories | CVE-2017-1081
MD5 | 52202a1372fafbdf07a4259245a5e409
FreeBSD Security Advisory - FreeBSD-SA-17:03.ntp
Posted Apr 12, 2017
Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, affecting the origin timestamp check function. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. A malicious device could send crafted messages, causing ntpd to crash. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service.

tags | advisory, remote, denial of service, spoof
systems | freebsd, bsd
advisories | CVE-2016-9042, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
MD5 | c169a99d362c1ddf8d4e9d7e28573bae
rldns 1.1
Posted Mar 23, 2017
Authored by Ringlayer | Site ringlayer.net

rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures.

Changes: Various updates.
tags | tool, x86
systems | linux, netbsd, unix, freebsd, bsd, openbsd
MD5 | fa1b4c747d0ea7b13c02993fbb0336e7
rldns 1.0
Posted Mar 13, 2017
Authored by Ringlayer | Site ringlayer.net

rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures.

tags | tool, x86
systems | linux, netbsd, unix, freebsd, bsd, openbsd
MD5 | 0ff54b024b64c4bf409da6fc84703fec
FreeBSD Security Advisory - FreeBSD-SA-17:02.openssl
Posted Feb 23, 2017
Site security.freebsd.org

FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | 61e028674e75cf79a6ef2b0daf4f97e0
FreeBSD Security Advisory - FreeBSD-SA-17:01.openssh
Posted Jan 11, 2017
Site security.freebsd.org

FreeBSD Security Advisory - The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. A remote attacker who have control of a forwarded agent-socket on a remote system and have the ability to write files on the system running ssh-agent(1) agent can run arbitrary code under the same user credential. Because the attacker must already have some control on both systems, it is relatively hard to exploit this vulnerability in a practical attack. When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server.

tags | advisory, remote, arbitrary, root
systems | unix, freebsd, bsd
advisories | CVE-2016-10009, CVE-2016-10010
MD5 | 2022ff5492e80b6bf9eb7f85b3d2016f
FreeBSD Security Advisory - FreeBSD-SA-16.39.ntp
Posted Dec 21, 2016
Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in the NTP suite.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7431
MD5 | 758701c6c332f8937e8764717b895f4a
FreeBSD Security Advisory - FreeBSD-SA-16:15.sysarch
Posted Oct 25, 2016
Authored by ahaha | Site security.freebsd.org

FreeBSD Security Advisory - A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to lack of sufficient bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. This vulnerability could cause the kernel to panic. In addition it is possible to perform a local Denial of Service against the system by unprivileged processes.

tags | advisory, denial of service, kernel, local
systems | freebsd
advisories | CVE-2016-1885
MD5 | 2928e81b104e6f66784c2fc8aa82ca7e
FreeBSD Security Advisory - FreeBSD-SA-16:25.bspatch
Posted Jul 25, 2016
Site security.freebsd.org

FreeBSD Security Advisory - The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project. An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.

tags | advisory, arbitrary, root
systems | freebsd
advisories | CVE-2014-9862
MD5 | 82e698f904115c3510c38a29f992e781
FreeBSD Security Advisory - FreeBSD-SA-16:24.ntp
Posted Jun 6, 2016
Site security.freebsd.org

FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in the NTP suite.

tags | advisory, vulnerability
systems | freebsd, bsd
advisories | CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4957
MD5 | fce94472a944196f57b09c666a948569
FreeBSD Security Advisory - FreeBSD-SA-16:20.linux
Posted Jun 1, 2016
Authored by CTurt | Site security.freebsd.org

FreeBSD Security Advisory - The implementation of the TIOCGSERIAL ioctl(2) does not clear the output struct before copying it out to userland. The implementation of the Linux sysinfo() system call does not clear the output struct before copying it out to userland. An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.

tags | advisory, kernel
systems | linux, freebsd
MD5 | 1e15711ef418910a989c906474f5221c
FreeBSD Security Advisory - FreeBSD-SA-16:22.libarchive
Posted Jun 1, 2016
Authored by Alexander Cherepanov | Site security.freebsd.org

FreeBSD Security Advisory - The cpio(1) tool from the libarchive(3) bundle is vulnerable to a directory traversal problem via absolute paths in an archive file. A malicious archive file being unpacked can overwrite an arbitrary file on a filesystem, if the owner of the cpio process has write access to it.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2015-2304
MD5 | 274629714de89c0dd89194957e9ee690
FreeBSD Security Advisory - FreeBSD-SA-16:23.libarchive
Posted Jun 1, 2016
Site security.freebsd.org

FreeBSD Security Advisory - An integer signedness error in the archive_write_zip_data() function in archive_write_set_format_zip.c in libarchive(2) could lead to a buffer overflow on 64-bit machines. An attacker who can provide input of their choice for creating a ZIP archive can cause a buffer overflow in libarchive(2) that results in a core dump or possibly execution of arbitrary code provided by the attacker.

tags | advisory, overflow, arbitrary
systems | freebsd
advisories | CVE-2013-0211
MD5 | 4e380ba863ed7b8823111e3484f3780e
FreeBSD Security Advisory - FreeBSD-SA-16:21.43bsd
Posted Jun 1, 2016
Authored by CTurt | Site security.freebsd.org

FreeBSD Security Advisory - The implementation of historic stat(2) system call does not clear the output struct before copying it out to userland. An unprivileged user can read a portion of uninitialised kernel stack data, which may contain sensitive information, such as the stack guard, portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.

tags | advisory, kernel
systems | freebsd
MD5 | 050fa392be53d3265e4e182e8ba729df
FreeBSD Security Advisory - FreeBSD-SA-16:19.sendmsg
Posted May 18, 2016
Authored by CTurt and the HardenedBSD team | Site security.freebsd.org

FreeBSD Security Advisory - Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. Malicious local user may crash kernel or execute arbitrary code in the kernel, potentially gaining superuser privileges.

tags | advisory, arbitrary, kernel, local
systems | freebsd
advisories | CVE-2016-1887
MD5 | 4d6effae01c6a211307b96d8442db080
FreeBSD Security Advisory - FreeBSD-SA-16:18.atkbd
Posted May 18, 2016
Authored by CTurt and the HardenedBSD team | Site security.freebsd.org

FreeBSD Security Advisory - Incorrect signedness comparison in the ioctl(2) handler allows a malicious local user to overwrite a portion of the kernel memory. A local user may crash the kernel, read a portion of kernel memory and execute arbitrary code in kernel context. The result of executing an arbitrary kernel code is privilege escalation.

tags | advisory, arbitrary, kernel, local
systems | freebsd
advisories | CVE-2016-1886
MD5 | db2cefadc213a78dbd47951a813ce706
FreeBSD Security Advisory - FreeBSD-SA-16:17.openssl
Posted May 5, 2016
Authored by OpenSSL Project | Site security.freebsd.org

FreeBSD Security Advisory - The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109] ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected. A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. [CVE-2016-2107] If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. [CVE-2016-2105] Any application parsing untrusted data through d2i BIO functions are vulnerable to memory exhaustion attack. [CVE-2016-2109] TLS applications are not affected.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109
MD5 | 0cd350926d2b0a4e5eb3cc47ba9a5d7d
FreeBSD Kernel amd64_set_ldt Heap Overflow
Posted Mar 17, 2016
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (define d in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.

tags | exploit, overflow, kernel
systems | freebsd, bsd
advisories | CVE-2016-1885
MD5 | 5fddced07d5ad899ebb2d9c6bf48f392
FreeBSD Security Advisory - FreeBSD-SA-16:15.sysarch
Posted Mar 17, 2016
Authored by Core Security Technologies | Site security.freebsd.org

FreeBSD Security Advisory - A special combination of sysarch(2) arguments, specify a request to uninstall a set of descriptors from the LDT. The start descriptor is cleared and the number of descriptors are provided. Due to invalid use of a signed intermediate value in the bounds checking during argument validity verification, unbound zero'ing of the process LDT and adjacent memory can be initiated from usermode. This vulnerability could cause the kernel to panic. In addition it is possible to perform a local Denial of Service against the system by unprivileged processes.

tags | advisory, denial of service, kernel, local
systems | freebsd
advisories | CVE-2016-1885
MD5 | 708f3ca1de7547e635db4e1854a95614
FreeBSD Security Advisory - FreeBSD-SA-16:14.openssh
Posted Mar 17, 2016
Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient input validation in OpenSSH, a client which has permission to establish X11 forwarding sessions to a server can piggyback arbitrary shell commands on the data intended to be passed to the xauth tool. An attacker with valid credentials and permission to establish X11 forwarding sessions can bypass other restrictions which may have been placed on their account, for instance using ForceCommand directives in the server's configuration file.

tags | advisory, arbitrary, shell
systems | freebsd
advisories | CVE-2016-3115
MD5 | 46da5195f39572d7796a4a8faa2321a1
FreeBSD Security Advisory - FreeBSD-SA-16:12.openssl
Posted Mar 14, 2016
Authored by OpenSSL Project | Site security.freebsd.org

FreeBSD Security Advisory - A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN. Various other issues were also addressed.

tags | advisory, imap, protocol
systems | freebsd, bsd
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
MD5 | 9ba68b8ddba8c9076b272b296999095c
FreeBSD Security Advisory - FreeBSD-SA-16:13.bind
Posted Mar 14, 2016
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Testing by ISC has uncovered a defect in control channel input handling which can cause named to exit due to an assertion failure in sexpr.c or alist.c when a malformed packet is sent to named's control channel (the interface which allows named to be controlled using the "rndc" server control utility). An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. A remote attacker can deliberately trigger the failed assertion if the DNS server accepts remote rndc commands regardless if authentication is configured. Note that this is not enabled by default. A remote attacker who can cause a server to make a query deliberately chosen to generate a response containing a signature record which would trigger a failed assertion and cause named to stop. Disabling DNSsec does not provide protection against this vulnerability.

tags | advisory, remote
systems | freebsd, bsd
advisories | CVE-2016-1285, CVE-2016-1286
MD5 | e2321efbb6ba00455dca96e0e88d2409
Page 1 of 48
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    23 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close