FreeBSD 6x/7 protosw kernel local privilege escalation exploit. It does not spawn a new shell but gives your current shell euid=0.
b8dab657d63737c87d99b627f3b16b1d15d8d609b6868bab906c23dd6abb4cdbFreeBSD Security Advisory - The ftpd server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. This could, with a specifically crafted command, be used in a cross-site request forgery attack.
2e6c5b82c449c824228fcb5c04163a13250ea1166e252761a367a4dc98ca8ae5FreeBSD Security Advisory - Some function pointers for netgraph and bluetooth sockets are not properly initialized. A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.
68d6c56fdb87d6522cd80e38e97f33feb669cc5e02d6b6c06001e4a3bc436269Secunia Security Advisory - FreeBSD has acknowledged a vulnerability in ftpd, which can be exploited by malicious people to conduct cross-site request forgery attacks.
3aeb272e25386c8f96fe4b55030cca6c58ea7065318c20962b5c5898045faf4fSecunia Security Advisory - FreeBSD has acknowledged a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
e35792b9a5a4bad5145626984b61802aaf147b79b3da4c205fe9608cf073814fSecunia Security Advisory - FreeBSD has acknowledged a security issue, which can be exploited by malicious people to conduct brute force attacks.
5801f9e716905c9f89e14cca1c264120303c76e60bceeb4ae79f07fceb028112FreeBSD Security Advisory - When the arc4random random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random; and it may take up to 5 minutes before arc4random is reseeded with secure entropy from the Yarrow random number generator.
5b358a6d007f2d56053a805066be7b6451911ecfa223bda993b2748c778af6a4Invision Power Board Cracker version 1.0. This tool bruteforces md5 hashes and was written for use on FreeBSD.
3d99cd304a1fff660b0713de817ddfc3a7619ff26cb6fff92bdf0ca2e8ece2d0FreeBSD Security Advisory - IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's neighbor cache and forwarding information. A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node.
5da0304608ae874f2a0a24b6a59e079a8cb6140245d47db24abb0b40c8913d5eSecunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service).
085fc3b83024ab9618dae968487d4993dabbc33a94dace63be18e94db4e1ae5f56 bytes setreuid, execve(pfctl -d) shellcode for freebsd/x86.
9f0ec696e7b3ac3dcc7755ae7e73a249c3f2fb62e635e84b71bf5bfc525ee831112 byte connect back.send.exit /etc/passwd shellcode for freebsd/x86.
2a9e2dbe79087eeea63c69f7234f0b2c4331c511246dc7eb688bdbeb4f82ae7612 byte kill all processes shellcode for freebsd/x86.
cfa82bdacc2f3c7fd83862d29be21d579166f90ad246ca9f611b652596f38e85ttyrpld is a kernel-based TTY shell, screen, and key logger for Linux, FreeBSD/PCBSD, and OpenBSD. It has a real-time log analyzer. It supports any TTY type (vc (console), BSD/Unix98 pty (xterm/SSH), serial, ISDN, USB, etc.).
14e04e2d7007ebd9ace27b8a7e35f9b2c3d15ca8de852bd08ffdc9e101044e6d90 byte rev connect, recv, jmp, return results shellcode for freebsd/x86.
de490e98a88f7b49dff7f3980d441bd35d41b81ed25838e1932e19ea8e9dabdfSecunia Security Advisory - FreeBSD has acknowledged a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
4247049d902e1a8abb713042cd2e0769813f31502e5cf65b108ad172d6dc4f00Secunia Security Advisory - FreeBSD has acknowledged a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
d7cdd57faef9c1e52081bcb44c00a7dd0c97ccf88200d59b7fa906f8f996d279FreeBSD Security Advisory - In case of an incoming ICMPv6 'Packet Too Big Message', there is an insufficient check on the proposed new MTU for a path to the destination. When the kernel is configured to process IPv6 packets and has active IPv6 TCP sockets, a specifically crafted ICMPv6 'Packet Too Big Message' could cause the TCP stack of the kernel to panic.
8d935b0a4c11d0b8d9e04f2031c6eabb363df15b37837728e7cfbdcb0d15d3acFreeBSD Security Advisory - Various user defined input such as mount points, devices, and mount options are prepared and passed as arguments to nmount(2) into the kernel. Under certain error conditions, user defined data will be copied into a stack allocated buffer stored in the kernel without sufficient bounds checking. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel.
8265017f0c4b0022d978e1e3604993352ecac41efc8b787596bf55e18a09b5bbFreeBSD Security Advisory - If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be called one extra time when it should not resulting in userland and kernel state being mixed. A local attacker can by causing a General Protection Fault while the kernel is returning from an interrupt, trap or system call while manipulating stack frames and, run arbitrary code with kernel privileges.
fda35491c2c94c4696a474ad75a3cae114fe88a1cb3728114f08df8c752a8fac65 byte NULL free /bin/cat /etc/master.passwd shellcode for freebsd/x86.
bf75fbba65f9c2d9805dac05cb9b181b3ddf504b414102d4ab8ea326f74b262d56 byte setuid(0); execve(ipf -Fa); FreeBSD/x86 shellcode.
4905c77b104872e81339c93befff234f286dce206467fe8d28554b342503169089 byte /bin/sh reverse portbind FreeBSD/x86 shellcode.
0a238804877bad73cf1b4557abc7680cc941f298ece195636d9753a3010c5ca648 byte freebsd/x86 encrypted shellcode for /bin/sh.
521db4082afdf428d7d3dba0acc9846b0a72d8358967a984683b0d2c4edd27c6Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
39cf2a4b64ea876a0e9eb5347e8edb112626da7c7e2e361315c4ceafbb237ead
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed