Local exploit for ViRobot 2.0 that works against the FreeBSD edition. Tested against FreeBSD 4.8.
41059e552df59b7c97ce59335d8a8059d66eb278653f384fb513f884278d70fdFmond is a daemon coded for FreeBSD that will monitored targets which may get modified, written, deleted, or renamed.
a45d6b7844b36900e6fc03c192a17725e25f49db2a7d7b86f22ca671bad09326FreeBSD Security Advisory FreeBSD-SA-03:09.signal - Systems with the device driver spigot added into the kernel configuration are susceptible to a denial of service attack due to improper validation of signal numbers.
c87f33e96c8be65778ca953502578c8425ff00101734e66ee8d4c460da100569realpath(3) lukemftpd remote exploit for FreeBSD 4.8 that makes use of the off-by-one error.
97c90d5b2ccc417562521347fcbe9c9fa3363dd44b3ea5d475b6f7b255d0c086FreeBSD Security Advisory FreeBSD-SA-03:10.ibcs2 - The iBCS2 system call translator for statfs(2) erroneously used the user-supplied length parameter when copying a kernel data structure into userland. If the length parameter were larger than required, then instead of copying only the statfs-related data structure, additional kernel memory would also be made available to the user. If iBCS2 support were enabled, a malicious user could call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory.
2c9b5bbe17a8ffdc72ab9be9c1de622434f5b2edb34fe8252dc32db8f6d8db6dFreeBSD Security Advisory FreeBSD-SA-03:08.realpath - An off-by-one error exists in a portion of realpath(3) that computes the length of a resolved pathname. As a result, applications making use of realpath(3) may be vulnerable to denial of service attacks, remote code execution, and privilege escalation. A staggering amount of applications make use of this functionality, including but not limited to, sftp-server and lukemftpd.
c39b1f231af3aa6eed22527f9da4ecb48a71fe2b9222d7e38045c619b9534d99Half-Life remote server root exploit for FreeBSD that works against version lower or equal to 1.1.1.0, and versions 3.1.1.1c1 and 4.1.1.1a.
898e3e82064b265aa059fca0a12fea7311f621681d5ab453ae2e45929872f676Apache 1.3.x using the mod_mylo module version 0.2.1 and below is vulnerable to a buffer overflow. The mod_mylo module is designed to log HTTP requests to a MySQL database and insufficient bounds checking in mylo_log() allows a remote attacker to gain full webserver uid access. Remote exploit for SuSE 8.1 Linux with Apache 1.3.27, RedHat 7.2/7.3 Linux with Apache 1.3.20, and FreeBSD 4.8 with Apache 1.3.27 included.
35db86fbefd818ae72497d5bec23002b6922e45da53d40b85d2ee31a56599032Proof of concept local exploit for gnats version 3.113.1_6 tested on FreeBSD 5.0. If successful, escalates privileges to gnats.
2b31b10d89b57698e84d31e47881d7d90cf4391690ee56926c5a87a74db28850A very thorough and well written paper describing raw socket programming entitled "An overview of raw socket programming with FreeBSD - Chapter I: Transport Control Protocol".
5328dd0dea4544d1c2163bdee82fd29da1afc5e35ff3273f7f5a411e490c6288Local root exploit for bru, or Backup and Restore Utility for Unix, that makes use of a stack overflow. Includes both Linux and FreeBSD targets.
afa4cb86c25ccd524dc32cd373bbf79e895145dd4fd8d42831a2f91bc8fc0f25Local exploit for Upclient 5.0.b5 that spawns a shell with kmem privileges. Tested on FreeBSD 5.0.
12ad32e03b238b43ac52391150406436f569b35875fd12e93cbdce6c5c310419Proof of concept exploit for mnoGoSearch 3.1.20 (and possibly works on 3.2.10) that binds a shell to port 10000. Tested against FreeBSD.
3b52260178c6331557b9865a060541ff07d5cdeeedbe2e926b3952bdeac4b23dLog cleaner, for Linux, Freebsd, Irix and SunOS. While in the midst of cleaning, various system checks are performed to monitor presence of detection.
ac7c25f0290ba5ef2ac9356d2eeaeb7e0973c568e4f1a337da703005cae7353aLocal root exploit for listproc 8.2.09 written for FreeBSD.
32d29d4604081ef12675fd665f8f0a35be36d443ef66bfee3dd3ba7a3b41693dThis script runs in place of ftpd to exploit the moxftp/mftp 2.2, cftp 0.12, and Iglooftp 0.6.1 clients. Written to exploit these clients on FreeBSD.
67e0e9f6bca8ed6e1bd88ca18e787b3b189c8c1e1e8366b20442d23f28fc63c1Gkrellmd 2.1.10 remote exploit with connect back shellcode. Tested on FreeBSD 4.8.
0484a62c7b78dd555a7a6f5e4945f1aa3126597a6351fbe10cbc505dfc097213Exploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
bdb62d798a58f673dc7a74bf9554a3a89281cc32e003b0963dceb3f6d801b45absd-airtools is a package that provides a complete tool set for wireless 802.11b auditing. Namely, it currently contains a bsd-based wep cracking application, called dweputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curses based ap detection application similar to netstumbler (dstumbler) that can be used to detect wireless access points and connected nodes, view signal to noise graphs, and interactively scroll through scanned ap's and view statistics for each. It also includes a couple other tools to provide a complete tool set for making use of all 14 of the prism2 debug modes as well as do basic analysis of the hardware-based link-layer protocols provided by prism2's monitor debug mode.
f61db60cd3fcb1273e22d688348fa72cdcc0f5b1a3efef5afb3e941dfa242a23Two papers that focus on writing basic and generic shell code on the Linux and FreeBSD platforms.
36dd91020106a10631362d85923743289e1f0641ee58b4164b72d6603153fb36Firebird has 3 binaries: gds_inet_server, gds_drop, and gds_lock_mgr, which all use insufficent bounds checking in conjunction with getenv(), making each one susceptible to local exploitation. Enclosed are two local root exploits tested against versions 1.0.0 and 1.0.2 on FreeBSD.
7841bcf9369b0cfc917765429ceb7118d676bfc4a650b097f57716bfab790d9aFreeBSD and OpenBSD remote Samba v2.2.x call_trans2open i386 buffer overflow exploit. Tested against OpenBSD 3.0 and FreeBSD 4.6.2-RELEASE with Samba v2.2.x. Includes support for target brute forcing. Information about the vulnerability is available here.
f677c9d6fb78104c365cb38722fea0540f263fc2adf56d38ded0fbb35c2f2573Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has a scanning abilities so a range of machines can be penetration tested at once on a network.
d6672353da22242d8fc89098e6e31eb2c358a76ff09164f2b7f0f5060a5f0c03FreeBSD Security Advisory FreeBSD-SN-03:01 - Two different vulnerabilities in Samba have been recently identified by Sebastian Krahmer and Digital Defense, Inc. One is a race condition that could allow the overwriting of system files and the other is a buffer overflow that allows a remote attacker to gain root privileges.
23abd59338b2e7cba9ff83607ae2df35e0a61553e0f957bbac4570d67c681598Remote exploit for the buffer overrun found in passlogd on FreeBSD and OpenBSD. Tested against OpenBSD 3.0 and FreeBSD 4.6.2.
2d99af360fcfbd0f1ef67c210707772b3603b3c56e48592f450d174014eaef3f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed