It is possible to crash the kernel on FreeBSD/Alpha by passing an unaligned memory address as a 2nd or 3rd argument to execve() syscall. Affected versions: FreeBSD 5.1-RELEASE/Alpha and possibly others. Not affected: FreeBSD 5.1-RELEASE/IA32.
a4526052ca2cb1a9ff1b6dffe4989feaa6565bda6886895d2f79921d22533f39
FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute - A programming error has allowed local users the ability to manipulate host routing tables if superuser privileges are achieved within jailed process.
0301e56f26cfa86a5da89c7242dbf8a821e5a883188131318fadee115fbac7b9
rrs is a reverse (connecting) remote shell. Instead of listening for incoming connections it will connect out to a listener (rrs in listen mode). The listener will accept the connection and receive a shell from the remote host. rrs features full pseudo-tty support, full OpenSSL support (high encryption, client/server authentication, choice of cipher suites), Twofish encryption, a simple XOR cipher, plain-text (unencrypted) session, peer-side session monitoring (snooping), daemon option and reconnection features. rrs is Free Software distributed under the MIT License and is known to compile and run under Linux, FreeBSD, NetBSD, OpenBSD and QNX.
ffd9098cf93da5bda65150fe241ec51eb0eb0e37edca038e6a2216bc12546e85
FreeBSD Security Advisory FreeBSD-SA-04:11.msync - Programming errors in the implementation of the msync(2) system call involving the MS_INVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents. In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk.
9b6d668eb3cd0d98e3221d430ab661e7250fbb287c53beec7fe79cda74993a1f
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the FreeBSD release.
a29d163083835e04f3ac34d48e56fcbc39f8f5cc7c18ea0d79acbfd4686fbc7b
JailUtils is a collection of utilities for managing FreeBSD jails. They facilitate the orderly startup and shutdown of jails, list processes in jails, and do various other things.
c9d041599e62770672605ddf3c368a7c224e70f5897a27edcdf1db91ecdf06eb
Remote root exploit for stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7. Linux and FreeBSD version. Anonymously submitted.
cbba2ce54b3c6d2fab06e83029be065535aa55e80f9747949b5f4579b7f3ef21
rrs is a reverse (connecting) remote shell. Instead of listening for incoming connections it will connect out to a listener (rrs in listen mode). The listener will accept the connection and receive a shell from the remote host. rrs features full pseudo-tty support, full OpenSSL support (high encryption, client/server authentication, choice of cipher suites), Twofish encryption, a simple XOR cipher, plain-text (unencrypted) session, peer-side session monitoring (snooping), daemon option and reconnection features. rrs is Free Software distributed under the MIT License and is known to compile and run under Linux, FreeBSD, NetBSD, OpenBSD and QNX.
d88505015c16f2edd0fa08ec1d5fe659035fd768314016daf711864453c44e27
sishell is a reverse (connecting) shellcode kit for x86 Linux, FreeBSD, NetBSD and OpenBSD. It generates both regular shellcode without NULLs and stand-alone ELF executables. sishell is distributed with a Makefile system, a custom ELF brander (brandelf) and a C example code generator. sishell is distributed under the MIT License.
2c3d6e93ea10f49f72295f4c8a5610d2e83976e34a37eda03b1600301a9077c1
rrs is a reverse (connecting) remote shell. Instead of listening for incoming connections it will connect out to a listener (rrs in listen mode). The listener will accept the connection and receive a shell from the remote host. rrs features full pseudo-tty support, full OpenSSL support (high encryption, client/server authentication, choice of cipher suites), Twofish encryption, a simple XOR cipher, plain-text (unencrypted) session, peer-side session monitoring (snooping), daemon option and reconnection features. rrs is Free Software distributed under the MIT License and is known to compile and run under Linux, FreeBSD, NetBSD, OpenBSD and QNX.
e1731f76298f2b4aca4e90cbd80cd194f4e3c066efb4079b79d2674f6b009d1d
FreeBSD 4.x kernel security module. Currently supports forkbomb protection, and setuid restrictions and logging. Future versions of the module will carry more powerful features such as stack randomization, malloc bomb protection, etc.
d6046ee8a2cb59b97f9b114b492cff647c5d8ba07c777afb085fd9540d22b791
Mandatory Access Control tutorial to correctly and safely install, configure, and use MAC policies. Written for FreeBSD users. Full step by step details given with explanations.
207406b5776a26ca845f149070406f74a77aefe86a8bb83717528be689f9754b
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
d22779b336b8f1a886cc205ee69e8034307b3db0b04c1271dda2b51474c33d0e
FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6 - Applications may manipulate the behavior of an IPv6 socket using the setsockopt(2) system call. This may allow a local attacker to read portions of kernel memory.
70e1c4c7ccbdf1b90bac831af83ac26a62adca45386ee48ac5f0dfdafab17978
Access Point Utilities for Unix is a set of utilities that configure and monitor a Wireless Access Point under Unix. It is known to compile (with GCC and the IBM C compiler) and run under Linux, FreeBSD, OpenBSD, MacOS X, AIX, and QNX.
0389286b9521691014e34e17612c2dcfe8bd007f7ea4a673870e7418734fa223
FreeBSD Security Advisory FreeBSD-SA-04:03.jail - A vulnerability has been found where jailed processes can attach to other jails. A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jail_attach(2) system call would fail only after changing the calling process's root directory.
639d6bd5793d142816eebc4131a6389ec9dc7aeb7fd4ad2a9e06d5e395084bfd
Access Point Utilities for Unix is a set of utilities that configure and monitor a Wireless Access Point under Unix. It is known to compile (with GCC and the IBM C compiler) and run under Linux, FreeBSD, OpenBSD, MacOS X, AIX, and QNX.
bc0e8606560421ac048a819458d51837d40ddf66dac82615455a6249ac91535a
Autossh is a program to monitor and automatically reestablish SSH connections. It is similar to rstunnel (Reliable SSH Tunnel), however, it is implemented in C, and is easier to set up and use, especially for connections to multiple hosts. Autossh has been compiled and tested on OpenBSD, Linux, and Solaris, and should run without needing changes on FreeBSD and NetBSD.
aa291238919a04261f8fc721d2478f39a9744520ec2ac7c4ba12373c9395bbd3
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
fd64352434e534c075de72e494d8b6445cfd5952bc831088c40ffe0762608f5f
FreeBSD Security Advisory FreeBSD-SA-04:02.shmat - A programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented. It may be possible to cause a shared memory segment to reference unallocated kernel memory, but remain valid. This could allow a local attacker to gain read or write access to a portion of kernel memory, resulting in sensitive information disclosure, bypass of access control mechanisms, or privilege escalation.
f7980b18cb45849dee668cc1f8462772ff11b36dfae7efe38bc3e239fcbc054c
Pine Digital Security Advisory PINE-CERT-20040201 - The shmat(2) function has a flaw that allows local users to achieve escalated privileges. Vulnerable systems: FreeBSD versions 2.2.0 and greater, NetBSD versions 1.3 and greater, and OpenBSD versions 2.6 and greater.
a574248c2ca40bfc4b92b9ac9a645d17d7ca2b2477dbce0dd28b3dd3e9b6ce84
FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs - The mksnap_ffs command creates a snapshot of a filesystem. A snapshot is a static representation of the state of the filesystem at a particular point in time. The kernel interface for creating a snapshot of a filesystem is the same as that for changing the flags on that filesystem. Due to an oversight, the mksnap_ffs command called that interface with only the snapshot flag set, causing all other flags to be reset to the default value.
21d89343ce81311419e74c853049b4efdadae48c42f81a69eb201acdb9334ee0
White paper on an introduction to HTTP fingerprinting. Related tool demonstrating these methodologies are available here for the following operating systems: FreeBSD. Originally presented at Blackhat Briefings 2003 in Singapore.
980a3c96680ee532ba354fa497246bd0736f113aaec93e415df2136f774f2f3b
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the FreeBSD release.
4344b6a71aa29a1b1a2c4dfb67d7e5a724b4f5256714494e8303ba148388d401
Chkrootkit v0.43 locally checks for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
116242ca080fe3b4d62772e05c8a42ee4bd5a826ccb49a7b5aa0ed05b58e5758