Exploit the possiblities
Showing 51 - 75 of 1,186 RSS Feed

Operating System: FreeBSD

HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
MD5 | c822d624233777789e959ca18bfbc976
HP Security Bulletin HPSBGN03395 1
Posted Aug 24, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, freebsd, aix, hpux
advisories | CVE-2015-5416, CVE-2015-5417, CVE-2015-5418, CVE-2015-5419, CVE-2015-5420, CVE-2015-5421, CVE-2015-5422, CVE-2015-5423, CVE-2015-5424
MD5 | c822d624233777789e959ca18bfbc976
FreeBSD Security Advisory - expat Integer Overflows
Posted Aug 18, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Multiple integer overflows have been discovered in the XML_GetBuffer() function in the expat library.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2015-1283
MD5 | 39f153ba79b5a361579f0662dcc7d316
FreeBSD Security Advisory - patch Shell Injection
Posted Aug 6, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands.

tags | advisory
systems | freebsd
advisories | CVE-2015-1418
MD5 | 7d000c1ccb5024987c1efad09f675ec3
FreeBSD Security Advisory - routed Denial Of Service
Posted Aug 6, 2015
Site security.freebsd.org

FreeBSD Security Advisory - The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.

tags | advisory
systems | freebsd
advisories | CVE-2015-5674
MD5 | f4408b196586985c3c08d26b1bcf2fc7
FreeBSD Security Advisory - patch Shell Injection
Posted Jul 28, 2015
Authored by Martin Natano | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to run commands in addition to the desired SCCS or RCS commands.

tags | advisory
systems | freebsd
advisories | CVE-2015-1416
MD5 | 64a06be92c3ae6e37bf4d6ed19120232
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jul 28, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker can trigger a crash of a name server. Both recursive and authoritative servers are affected, and the exposure can not be mitigated by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

tags | advisory, remote
systems | freebsd
advisories | CVE-2015-5477
MD5 | 2047cc3417a329326545ba6278d4797b
FreeBSD Security Advisory - OpenSSH Record Check
Posted Jul 28, 2015
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSH clients does not correctly verify DNS SSHFP records when a server offers a certificate. OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts.

tags | advisory
systems | freebsd
advisories | CVE-2014-2653, CVE-2015-5600
MD5 | 8cb4a72bf773c38e284608edf83d9522
FreeBSD Security Advisory - TCP Reassembly Resource Exhaustion
Posted Jul 28, 2015
Authored by Patrick Kelsey | Site security.freebsd.org

FreeBSD Security Advisory - There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. An attacker who can establish concurrent TCP connections across a sufficient number of VNETs and manipulate the inbound packet streams such that the maximum number of mbufs are enqueued on each reassembly queue can cause mbuf cluster exhaustion on the target system, resulting in a Denial of Service condition. As the default per-VNET limit on the number of segments that can belong to reassembly queues is 1/16 of the total number of mbuf clusters in the system, only systems that have 16 or more VNET instances are vulnerable.

tags | advisory, denial of service, tcp
systems | freebsd
advisories | CVE-2015-1417
MD5 | a66a42619ffbd61e012b14370befb044
FreeBSD Security Advisory - Resource Exhaustion
Posted Jul 22, 2015
Authored by Jonathan Looney, Lawrence Stewart | Site security.freebsd.org

FreeBSD Security Advisory - TCP connections transitioning to the LAST_ACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets.

tags | advisory, tcp, protocol
systems | freebsd
advisories | CVE-2015-5358
MD5 | 0d608aa586db4fcb9ecb0d706aca3e35
Western Digital Arkeia Remote Code Execution
Posted Jul 13, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the 'arkeiad' daemon listening on TCP port 617. Because there are insufficient checks on the authentication of all clients, this can be bypassed. Using the ARKFS_EXEC_CMD operation it's possible to execute arbitrary commands with root or SYSTEM privileges. The daemon is installed on both the Arkeia server as well on all the backup clients. The module has been successfully tested on Windows, Linux, OSX, FreeBSD and OpenBSD.

tags | exploit, arbitrary, root, tcp, code execution
systems | linux, windows, freebsd, openbsd, apple
MD5 | ebae27aa7c351921d3e11dbd4a53e360
FreeBSD Security Advisory - OpenSSL Certificate Forgery
Posted Jul 10, 2015
Authored by Adam Langley, David Benjamin | Site security.freebsd.org

FreeBSD Security Advisory - During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails, unless the application explicitly specifies X509_V_FLAG_NO_ALT_CHAINS. An error in the implementation of this logic could erroneously mark certificate as trusted when they should not. An attacker could cause certain checks on untrusted certificates, such as the CA (certificate authority) flag, to be bypassed, which would enable them to use a valid leaf certificate to act as a CA and issue an invalid certificate.

tags | advisory
systems | freebsd
advisories | CVE-2015-1793
MD5 | 26ed640fe93813ad02963f1321eb4af2
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jul 8, 2015
Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocol. The named daemon is an Internet Domain Name Server. The libdns library is a library of DNS protocol support functions. Due to a software defect, specially constructed zone data could cause named to crash with an assertion failure and rejecting the malformed query when DNSSEC validation is enabled. An attacker who can cause specific queries to be sent to a nameserver could cause named to crash, resulting in a denial of service.

tags | advisory, denial of service, protocol
systems | freebsd
advisories | CVE-2015-4620
MD5 | 300c3c2b2e911068922e33304424c3ae
FreeBSD Security Advisory - OpenSSL
Posted Jun 12, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam. When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. Various other issues have also been addressed.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 3fb8aa902f8c2dc20a490d919de2a423
FreeBSD Security Advisory - ntp Issues
Posted Apr 8, 2015
Site security.freebsd.org

FreeBSD Security Advisory - The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. The vallen packet value is not validated in several code paths in ntp_crypto.c. When ntpd(8) is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not that there actually is any MAC included, and packets without a MAC are accepted as if they had a valid MAC. NTP state variables are updated prior to validating the received packets.

tags | advisory, remote, protocol
systems | freebsd
advisories | CVE-2014-9297, CVE-2015-1798, CVE-2015-1799
MD5 | 6b5b2146b2f3da2a6ba4207a596fe02f
FreeBSD Security Advisory - IPv6 Denial Of Service
Posted Apr 8, 2015
Authored by Dennis Ljungmark | Site security.freebsd.org

FreeBSD Security Advisory - The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the FreeBSD system. When the Current Hop Limit (similar to IPv4's TTL) is small, IPv6 packets may get dropped before they reached their destinations. By sending specifically crafted Router Advertisement packets, an attacker on the local network can cause the FreeBSD system to lose the ability to communicate with another IPv6 node on a different network.

tags | advisory, local, protocol
systems | freebsd
advisories | CVE-2015-2923
MD5 | 176dd68fb5724f792db55625e1878c68
FreeBSD Security Advisory - GELI Keyfile Permissions
Posted Apr 8, 2015
Authored by Pierre Kim | Site security.freebsd.org

FreeBSD Security Advisory - The default permission set by bsdinstall installer when configuring full disk encrypted ZFS is too open. A local attacker may be able to get a copy of the geli provider's keyfile which is located at a fixed location.

tags | advisory, local
systems | freebsd
advisories | CVE-2015-1415
MD5 | 84c96464403b6f8603f9c7937d7b20f3
FreeBSD Security Advisory - IGMP Integer Overflow
Posted Apr 8, 2015
Authored by Marek Kroemeke, Mateusz Kocielski | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash. Revision 2 of this advisory.

tags | advisory, denial of service, overflow, kernel
systems | freebsd
advisories | CVE-2015-1414
MD5 | e3aa8e64324f5ee800e00f8517bd7c03
FreeBSD 10.x ZFS encryption.key Disclosure
Posted Apr 8, 2015
Authored by Pierre Kim

FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk.

tags | exploit, local, info disclosure
systems | freebsd
advisories | CVE-2015-1415
MD5 | 07a9532173408a514f487eeee305e6b7
FreeBSD Security Advisory - OpenSSL Issues
Posted Mar 20, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

tags | advisory
systems | freebsd
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 8a30cb43be0ccad8caf129b707a6c904
FreeBSD Security Advisory - BIND Denial Of Service
Posted Feb 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable. A remote attacker can trigger a crash of a name server that is configured to use managed keys under specific and limited circumstances. However, the complexity of the attack is very high unless the attacker has a specific network relationship to the BIND server which is targeted.

tags | advisory, remote
systems | freebsd
advisories | CVE-2015-1349
MD5 | 157aa73bbdf00c6b7d3cfe3f70a70177
FreeBSD Security Advisory - IGMP Integer Overflow
Posted Feb 26, 2015
Authored by Marek Kroemeke, Mateusz Kocielski | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash.

tags | advisory, denial of service, overflow, kernel
systems | freebsd
advisories | CVE-2015-1414
MD5 | 89b443fe13922317739f20717496c68e
FreeBSD Security Advisory - SCTP Stream Reset
Posted Jan 29, 2015
Authored by Gerasimos Dimitriadis | Site security.freebsd.org

FreeBSD Security Advisory - The input validation of received SCTP RE_CONFIG chunks is insufficient, and can result in a NULL pointer deference later. A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of Service.

tags | advisory, remote, denial of service, kernel
systems | freebsd
advisories | CVE-2014-8613
MD5 | 5e79498af0df2b8c95eda66db75f9cba
FreeBSD Security Advisory - Kernel Memory Disclosure / Corruption
Posted Jan 28, 2015
Authored by Francisco Falcon, Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.

tags | advisory, kernel, local, protocol
systems | freebsd
advisories | CVE-2014-8612
MD5 | d91dfbcc12d71302de651badd86e3a5f
FreeBSD Kernel Crash / Code Execution / Disclosure
Posted Jan 28, 2015
Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.

tags | exploit, arbitrary, kernel, local, vulnerability
systems | freebsd
advisories | CVE-2014-0998, CVE-2014-8612
MD5 | dd8c3fcef37258dd9b8bfea7c1a546f1
Page 3 of 48
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close