FreeBSD versions 5.4-RELEASE and below ftpd version 6.00LS sendfile kernel mem-leak exploit.
eefed0dbbad6b3a33771d66d5982aa28599fb1b4cd1b98cee1510a3870d2da9a
FreeBSD local denial of service exploit that causes a forced reboot.
74e9ff916c830d783aa31aad9f51279b50bb6492d981404c7bf0b44fa6c5ff54
81 bytes small FreeBSD/x86 connect back shellcode.
643bf4fda1812d0d2b7ea447f898c390586c13530385fee5bd41f7494451b21e
111 bytes small FreeBSD/x86 portbinding and forking shellcode.
4f5ac1b1ac2b8b263bb8741249d7adc60456e70ef8a731be67242d41bd4d75d2
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which are currently divided into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features include multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, and fingerprinting of GPS devices and wireless devices. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
99e76f8f7684199b9176a7a2f6b1bb5c637d89f6906d6de279794fb1fb22cde1
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
5eabcb34e63989ed4f5642d912c8641cae186311d69337401092b6d50f806e3a
LiteSpeed Web Server version 4.0.17 with PHP remote exploit for FreeBSD that uses a reverse shell.
b0012b61c33fd5c2dc2a099bfb8c36b4de98d5171a58428b919cf7223ecaadd4
FreeBSD Security Advisory - A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism. The race condition can lead to a buffer overflow. A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers.
8cfb790813185171ffd5ee2585fb00786a32d5a0a08c54131d90d05b0270c73a
Secunia Security Advisory - FreeBSD has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
6e9a9a69a8d0d9a5f29313e68c79a4bc31025e75d1fb53e771b41b7100b7cd35
FreeBSD Security Advisory - The pfs_getextattr(9) function, used by pseudofs for handling extended attributes, attempts to unlock a mutex which was not previously locked.
3a98ed40616c81e73aa4a0d079237bc71bdc7a6f8d82304312a666edb259fb21
Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
dbd19bb93110c9892cc8146cc1edee1dfe17795dd7bc900346a5b72d08d55e86
Whitepaper called Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation.
731108acfa98e373bcbbecc7bde0ae45936a7487deb43212ee1c90225166071d
libc/glob(3) suffers from a resource exhaustion vulnerability. Proof of concept code included. Affected systems include OpenBSD 4.7, NetBSD 5.0.2, FreeBSD 7.3/8.1, Oracle Sun Solaris 10 and GNU Libc (glibc).
0fe71b6c891ef4cf59d9008f85704335ab1de299aa1ecc8f4f06ae19461af5cd
FreeBSD versions 7.0 through 7.2 pseudofs null pointer dereference local exploit.
22f7237d83ef0a7ecbc6f409a5b2a8f85c968be8f991ec9d649f3b126b963114
Turtle rootkit for FreeBSD. This kernel module hooks unlink() so the protected file cannot be deleted, hooks kill() so the protected process cannot be killed, and has various other nice bells and whistles.
8b8bd3b4567213634fa8d095649b277321095be6c15b34acae704bab66f4b1d5
Secunia Security Advisory - FreeBSD has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
e924069717ddd9492c8618090171e85322969a645566e8fd79f049345734b2a4
FreeBSD Security Advisory - The bzip2/bunzip2 utilities and the libbz2 library compress and decompress files using an algorithm based on the Burrows-Wheeler transform. They are generally slower than Lempel-Ziv compressors such as gzip, but usually provide a greater compression ratio. When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.
59a1711bf6d2510506a512b7a40dbb7b7d40b51b3a4d4e1f1d1ab65852dec64e
FreeBSD versions 7.0 through 7.2 suffer from a pseudofs NULL pointer dereference vulnerability. Due to a spurious call to pfs_unlock() in pfs_getattr() (as defined in sys/fs/pseudofs/pseudofs_vnops.c), a NULL pointer is dereferenced after calling extattr_get_attribute() on a pseudofs vnode. By allocating a page at address 0x0, an attacker can overwrite an arbitrarily chosen portion of kernel memory, leading to a crash or local root escalation.
a855fffa300b7f55f74d0715f967bca60e0020b4c7e86448ff0dcbf6e9626f3c
FreeBSD versions 7.3 and 8.1 suffer from a vm.pmap kernel local race condition denial of service vulnerability.
15ff6a10a74c00f3447bc440c3c878c02a0a5a9e6a2ff0a3d99e2b1daab2d3ea
FreeBSD mbufs() sendfile cache poisoning local privilege escalation exploit that throws a setuid shell in /tmp. Works on 7.x and 8.x builds prior to 12Jul2010.
52de447adb0cf2da2d0293e293c0bb572852ec6114e07299e2dfc735fc81b5ce
Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to bypass certain security restrictions.
74d413c2f7f163cf4dc0ba7e02927f7b5f0dbebcec364a861c73deeafa7fe9ff
Virtual Security Research, LLC. Security Advisory - VSR identified a vulnerability in the Coda filesystem kernel module, as implemented for FreeBSD and NetBSD. By sending a specially crafted ioctl request to a mounted Coda filesystem, an unprivileged local user could read large portions of kernel heap memory, leading to the disclosure of potentially sensitive information.
2a33556640e8aacacde12fc52c8c1542bef5798e08d4ad672635ca2fb49e83f2
The FreeBSD stock ftpd suffers from a buffer overflow vulnerability that causes a crash.
b6e259094c3c43fb1c82b84e20102f51066243e8071d83e5e4e91d4d6d77e6c8
Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges.
13dfd0ac01ceedda9fea03b3153be1e00cc2fad9cb389e45dc10ee10d3d568d3
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which are currently divided into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features include multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, and fingerprinting of GPS devices and wireless devices. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
b1bae7a97e7a904bf620f285aa0d62ebc1fd3b54b671fbca125405036f949e80