strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964f
This python script tests for the remote root vulnerability in encryption support for telnetd on FreeBSD systems.
4249e9430985117ad8d3275e803d36e641c4beae4c0f6950bde8f0af5b3e100c
This Metasploit module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service.
26a4211c976648be259b01d70ead3c15515210a76cfa2f2e831ab504568547e8
FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.
685c68cd0d879191a8f6e9dd16fb3ba8d2d61b100f23301bbe8d7f9cde467b5e
FreeBSD Security Advisory - The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase. If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.
3f9adbe4371e9a27a25b335c20511c3b4a8582a5127ca9a55c06862e006c1268
This Metasploit module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service.
5c027aef49c6a33044ddd945cfc6d9db2dfdaac94f49b241b9d556902a49848a
FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).
c92e3537ea4a9d4333d9b238da051a9f86ab6782c92ea9627150610dbec5e756
FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API.
de56ea16374f3970ce64ad7bfe09f78855a3865a7491e05a50722e5299b402de
FreeBSD Security Advisory - A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.
913e895f321d484a5440d6ec9ea44d1a471f516fda6b68d698117be493718a87
Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
805e11221d0425e28be43e4da38ed6862f251741395d35404b4fe80c6d3f5cfe
Secunia Security Advisory - A security issue has been reported in FreeBSD, which can be exploited by malicious people to bypass certain security restrictions.
d313127919790fc7977dce2c5ce4956a77420edf77a85d79f53d9715cf77ba8b
Secunia Security Advisory - FreeBSD has acknowledged a vulnerability in telnetd, which can be exploited by malicious people to compromise a vulnerable system.
216286f9074ec3da24abb06c04384888a6ea4fe08fe36b870a2a624119e454af
Secunia Security Advisory - Kingcope has discovered a vulnerability in FreeBSD, which can be exploited by malicious people to compromise a vulnerable system.
da0f55379af90a62d1150a575c4a0b80b25cd3fa31cc818ee55df7883dab396a
Remote root exploit for FreeBSD ftpd and ProFTPd on FreeBSD. It leverages the fact that /etc and /lib can be modified inside of the chroot.
f59b24d7a9bf8446fb65b25ad7046e1b91fd2198e39bf16f0a7f6d2431d9e848
libdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked.
4f2578b995a25f1d81ae2b3c6e4cc5b0a199581d4a0b3a2d67c48c3ed5db9199
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
d750ec16bc32c3d7f41fdbc7ac376defb1acde9f4d95d32052cdb15488ca3c34
Secunia Security Advisory - A security issue has been discovered in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges.
737b19818d45eefd141bbfc9b66974c0e1148723401cccbfafe40ed766510d88
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
a602d73869f6d31e7e39021d3ac0b4d659de65348c0b42292785a6497ce28edc
Debian Linux Security Advisory 2325-1 - Buffer overflow in the "linux emulation" support in FreeBSD kernel allows local users to cause a denial of service (panic) and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other unspecified system calls.
bd606722c312b01cbd9cde3ca4809d0d695405f02e122b34b4f9587f53523509
Mandriva Linux Security Advisory 2011-153 - The LZW decompressor in the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2896. The updated packages have been patched to correct this issue.
74b02a4d1cc9f234803f357f47342c8c7e438ae30758ff5024405fab894f950a
FreeBSD UIPC socket heap overflow proof of concept exploit that causes a kernel panic. Tested on FreeBSD 8.2-RELEASE.
392d5e1fab7ef40059a4391fcc8e1c05b6f410d6413606f432dc4a27dfea91ba
Secunia Security Advisory - FreeBSD has issued an update for compress. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
4f7b3fdd2042a4c94c2a4c641884a99263da97dd30af662901e57bdc31bfcac9
FreeBSD Security Advisory - When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. A local user can cause the FreeBSD kernel to panic. It may also be possible to execute code with elevated privileges ("gain root"), escape from a jail, or to bypass security mechanisms in other ways.
90c70fca348e56d74499aa09d49020d5bbfb6758cde3a0c5eb8220e687826572
FreeBSD Security Advisory - The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.
56febab158d830afcb2df839a7a95ac3e1a7fab7a28a063e7e3fb77d6e868228
FreeBSD Security Advisory - A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash.
c21e64c2f2aa94b36262f7c921be33cd4195b26c049f52e436c3a4f598e601bf