Month of Apple Bugs - Exploit for the ffs_mountfs() function. The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution.
746e0bd8150cb61f86f671fe9e5f7939e7b56820033c9e5353bacadbe0247ca3p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
32e1f026dd57ab647074756629038bd5a27a8e6656915da975aca3b0f3a7ca75FreeBSD Security Advisory - Symlinks created using the "GNUTYPE_NAMES" tar extension can be absolute due to lack of proper sanity checks.
7ba3e6885e8d3fc426d046277d8b0ab731a8d7a0955760bb6ec9de3f9f245048FreeBSD Security Advisory - The firewire(4) driver suffers from a kernel memory disclosure flaw.
4db745ec6a09022919249c4b5643014725cec3d5b47739879440d0729ce0431dSecunia Security Advisory - FreeBSD has issued an update for gtar. This fixes a security issue, which can be exploited by malicious people to overwrite arbitrary files.
5ac2be6d4eae2c1f2490c45f3618e0be63544c472b40ec6185d160950171150aA lack of environment sanitization in FreeBSD, OpenBSD, and NetBSD dynamic loaders may allow for privilege escalation.
10d249a491bc27ea8ab76d147121933d548a8fe892768f2d033e4b40d075076cThe Firewire device enabled by default in the GENERIC kernel for FreeBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
82423b755e39255304cd291c2c1e57430c3c394fcfe1bff6e87af69b61b6bb54Secunia Security Advisory - Filipe Balestra and Rodrigo Rubira Branco have reported a vulnerability in FreeBSD, which can be exploited by malicious, local users to disclose potentially sensitive information.
ff5c58c4ac6bc65c4405a8b90330a865a07fba16a2f3914dbc9b805a0a6821aeSecunia Security Advisory - FreeBSD has issued an update for libarchive. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
c82546cafcfaaf26965db98a2d6576d2212378d18c90fe33e4ac7c0585d4053aFreeBSD Security Advisory - If the end of an archive is reached while attempting to "skip" past a region of an archive, libarchive will enter an infinite loop wherein it repeatedly attempts (and fails) to read further data.
1662409beef33d76b0e89f2e9c582e294f8878e50e0f2f6197a66012038d1c3bSecunia Security Advisory - LMH has reported a vulnerability in FreeBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
06959892fc20df2e82e3e7f694c611b78273a29ea119e67a212c9f865f75045eSecunia Security Advisory - Evgeny Legerov has reported a vulnerability in FreeBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
0e2813aa305ee747a4b65542ac80847fc5ca92ad467859ae5303c685f090b2f2Secunia Security Advisory - Some vulnerabilities have been reported in FreeBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
97e88cb169381341d2100d3a56bd4604cd3729eb703bce8a013723d476ddc72cFreeBSD ftruncate() DoS exploit. Causes system reboot.
d95dd783029e8b621927a0eaedae18fe266fbfc1532f3764ac0ae810567a9229FreeBSD sched_setscheduler() local denial of service exploit.
b24a5232df1bada7c8f4be20c1c63a7fcb50a5f2ab716dd460a5a898d7fa4a03FreeBSD 5.4 and 6.0 ptrace DoS exploit.
c8e8152518cb4731fedaa7dfdfdc1ac3fba3471053b6dd67d6f9611d95fb62a2iDefense Security Advisory 10.10.06: The PT_LWPINFO ptrace command in FreeBSD allows a tracer to get information on a running thread. Due to the use of signed integers and a lack of proper input validation, a situation can occur in the kernel where a panic will cause DoS.
36ccd7e8fc5965a0ea3eddda60bfb6175cfa41be8ac304bd98519df19227ee0eiDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
36ccd7e8fc5965a0ea3eddda60bfb6175cfa41be8ac304bd98519df19227ee0eSecunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
b50502d45a52ff01aae623f12d1f657eae2cba5e956c33c8ac5817dda0baadf0p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
831a4b6a39b33de014871382233112437df138ac0b88113a1f9b944299087f23FreeBSD 5.2 and prior shmat local kernel exploit.
f115f3bd68abfe5196acc1e163784d94ea90217661b8b2c5a61be2b9797c191eFreeBSD Security Advisory: Multiple problems in crypto(3) [revised]
cf24f2e129bca457df67226f2da481a6cd4cd412bc1dd50076f6b090a5725090FreeBSD Security Advisory: Multiple problems in crypto(3)
0187927fa4f8bfa1d2e8ed32a2b55c51090ed0b77f08caa6a6f2abc617a0afafThere exists a vulnerability within a architecture dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE), which when properly exploited can lead to local compromise of the vulnerable system. This vulnerability was fixed in FreeBSD 6.0-RELEASE, but production (legacy) releases 5.2 through 5.5 are still vulnerable.
47ee00f36252f1652b78dad10fe001b7ca99781759d2b3060edd166609c2d021iDefense Security Advisory 09.23.06: FreeBSD i386_set_ldt Integer Signedness Vulnerability
06ed2d55db72d0fc2c8f38bc15d96a5c618bc910e7a0c27c86b0268f6315efee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed