seeing is believing
Showing 101 - 125 of 1,183 RSS Feed

Operating System: FreeBSD

FreeBSD Security Advisory - OpenSSL Use-After-Free
Posted May 1, 2014
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which requests the library to release the memory it holds when a read or write buffer is no longer needed for the context. The buffer may be released before the library have finished using it. It is possible that a different SSL connection in the same process would use the released buffer and write data into it. An attacker may be able to inject data to a different connection that they should not be able to.

tags | advisory
systems | freebsd
advisories | CVE-2010-5298
MD5 | f1efd1533dee4f986ae8c3e627c79a32
FreeBSD Security Advisory - TCP Reassembly
Posted May 1, 2014
Authored by Jonathan Looney | Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD may add a reassemble queue entry on the stack into the segment list when the reassembly queue reaches its limit. The memory from the stack is undefined after the function returns. Subsequent iterations of the reassembly function will attempt to access this entry. An attacker who can send a series of specifically crafted packets with a connection could cause a denial of service situation by causing the kernel to crash. Additionally, because the undefined on stack memory may be overwritten by other kernel threads, while extremely difficult, it may be possible for an attacker to construct a carefully crafted attack to obtain portion of kernel memory via a connected socket. This may result in the disclosure of sensitive information such as login credentials, etc. before or even without crashing the system.

tags | advisory, denial of service, kernel
systems | freebsd
advisories | CVE-2014-3000
MD5 | 13c2ec3c513d3b01d1581ef060cea2c1
FreeBSD Security Advisory - devfs Rule Fail
Posted May 1, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The device file system, or devfs(5), provides access to kernel's device namespace in the global file system namespace. The devfs(5) rule subsystem provides a way for the administrator of a system to control the attributes of DEVFS nodes. Each DEVFS mount-point has a ruleset, or a list of rules, associated with it, allowing the administrator to change the properties, including the visibility, of certain nodes. The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access could lead to information leakage and privilege escalation.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2014-3001
MD5 | dd29acee4003d6364e700e5444d544a6
FreeBSD Security Advisory - OpenSSL Issues
Posted Apr 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD is alerting everyone to multiple OpenSSL vulnerabilities. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. Affects FreeBSD 10.0 only. A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

tags | advisory, vulnerability
systems | freebsd
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | 8a77a029dc414dcdc8e56eaed517058b
FreeBSD Security Advisory - NFS Server Deadlock
Posted Apr 9, 2014
Authored by Rick Macklem | Site security.freebsd.org

FreeBSD Security Advisory - The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were on local disks. FreeBSD includes both server and client implementations of NFS. The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that grab locks in the right order, constitutes a deadlock condition because no thread can proceed. An attacker on a trusted client could cause the NFS server become deadlocked, resulting in a denial of service.

tags | advisory, denial of service, kernel, local
systems | freebsd
advisories | CVE-2014-1453
MD5 | c5cc5bd2d9b6638b99872d4bcc30b466
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jan 16, 2014
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2014-0591
MD5 | b370f9795ad4a3cfcbc030be34cd42f8
FreeBSD Security Advisory - ntpd Denial Of Service
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication. An attacker can send 'monlist' queries and use that as an amplification of a reflection attack.

tags | advisory
systems | freebsd
advisories | CVE-2013-5211
MD5 | be0d7bb36c9c32271fd39ae071238ffe
FreeBSD Security Advisory - OpenSSL Issues
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.

tags | advisory
systems | freebsd
advisories | CVE-2013-6449, CVE-2013-4353, CVE-2013-6450
MD5 | 4ecd654abd0aaee44e4ef6858c4cc839
FreeBSD Security Advisory - bsnmpd Denial Of Service
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it has received a specifically crafted GETBULK PDU request.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2014-1452
MD5 | 7952c03a51d945c60f4f02ce261a6063
FreeBSD Security Advisory - OpenSSH AES-GCM Memory Corruption
Posted Nov 19, 2013
Site security.freebsd.org

FreeBSD Security Advisory - A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user, thereby allowing a malicious user with valid credentials to bypass shell or command restrictions placed on their account.

tags | advisory, shell, code execution
systems | freebsd
advisories | CVE-2013-4548
MD5 | be5fb2c09b6120b0052c92ecaa398aad
FreeBSD 10 qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs
Posted Nov 16, 2013
Authored by x90c

The qlxge/qlxgbe driver in FreeBSD versions 10 and below has vulnerabilities that leak arbitrary kernel memory to the userspace.

tags | advisory, arbitrary, kernel, vulnerability
systems | freebsd
MD5 | e6f3fafa75ce8e0fe98bbaad2b63f397
FreeBSD 10 nand Driver IOCTL Kernel Memory Leak Bug
Posted Nov 16, 2013
Authored by x90c

The nand driver in FreeBSD versions 10 and below has a vulnerability that leaks arbitrary kernel memory to the userspace.

tags | advisory, arbitrary, kernel
systems | freebsd
MD5 | 12d08911c16b59fa9a431db18a27a793
Debian Security Advisory 2769-1
Posted Oct 8, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2769-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, freebsd, debian
advisories | CVE-2013-5691, CVE-2013-5710
MD5 | 932c0a9125f75fb0d032368cf281d5e6
FreeBSD Security Advisory - nullfs(5) links
Posted Sep 10, 2013
Authored by Konstantin Belousov | Site security.freebsd.org

FreeBSD Security Advisory - The nullfs(5) filesystem allows all or a part of an already mounted filesystem to be made available in a different part of the global filesystem namespace. It is commonly used to make a set of files available to multiple chroot(2) or jail(2) environments without replicating the files in each environment. A common idiom, described in the FreeBSD Handbook, is to mount one subtree of a filesystem read-only within a jail's filesystem namespace, and mount a different subtree of the same filesystem read-write. The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the underlying (source) filesystem is the same. If multiple nullfs views into the same filesystem are mounted in different locations, a user with read access to one of these views and write access to another will be able to create a hard link from the latter to a file in the former, even though they are, from the user's perspective, different filesystems. The user may thereby gain write access to files which are nominally on a read-only filesystem.

tags | advisory
systems | freebsd
advisories | CVE-2013-5710
MD5 | fe3496a802ef303a50977b9200e73a80
FreeBSD Security Advisory - ioctl(2) Insufficient Credential Checks
Posted Sep 10, 2013
Authored by Loganaden Velvindron, Gleb Smirnoff | Site security.freebsd.org

FreeBSD Security Advisory - The ioctl(2) system call allows an application to perform device- or protocol-specific operations through a file or socket descriptor associated with a specific device or protocol. As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume that the SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been handled at the network layer, and therefore do not perform input validation or verify the caller's credentials. Typical link-layer actions for these requests may include marking the interface as "up" and resetting the underlying hardware. An unprivileged user with the ability to run arbitrary code can cause any network interface in the system to perform the link layer actions associated with a SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR or SIOCSIFNETMASK ioctl request; or trigger a kernel panic by passing a specially crafted address structure which causes a network interface driver to dereference an invalid pointer. Although this has not been confirmed, the possibility that an attacker may be able to execute arbitrary code in kernel context can not be ruled out.

tags | advisory, arbitrary, kernel, protocol
systems | freebsd
advisories | CVE-2013-5691
MD5 | 63e2ef236f0fd330d48b4724959355f7
FreeBSD Security Advisory - sendfile(2) Kernel Memory Disclosure
Posted Sep 10, 2013
Authored by Ed Maste | Site security.freebsd.org

FreeBSD Security Advisory - The sendfile(2) system call allows a server application (such as an HTTP or FTP server) to transmit the contents of a file over a network connection without first copying it to application memory. High performance servers such as Apache and ftpd use sendfile. On affected systems, if the length passed to sendfile(2) is non-zero and greater than the length of the file being transmitted, sendfile(2) will pad the transmission up to the requested length or the next pagesize boundary, whichever is smaller. The content of the additional bytes transmitted in this manner depends on the underlying filesystem, but may potentially include information useful to an attacker. An unprivileged user with the ability to run arbitrary code may be able to obtain arbitrary kernel memory contents.

tags | advisory, web, arbitrary, kernel
systems | freebsd
advisories | CVE-2013-5666
MD5 | 5b77f46ddda4cdbf66adc9fbaf7f4e9d
Debian Security Advisory 2743-1
Posted Aug 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2743-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak.

tags | advisory, kernel, vulnerability
systems | linux, freebsd, debian
advisories | CVE-2013-3077, CVE-2013-4851, CVE-2013-5209
MD5 | 6ea91cbdd5c5d2b8e9461e1866de49b6
FreeBSD Security Advisory - sctp Kernel Memory Disclosure
Posted Aug 23, 2013
Authored by Michael Tuexen, Julian Seward | Site security.freebsd.org

FreeBSD Security Advisory - When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted. This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include an user-entered password.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2013-5209
MD5 | 14f68578cd5c9bc887fcbe719dc74c0e
FreeBSD Security Advisory - IP_MSFILTER Integer Overflow
Posted Aug 23, 2013
Authored by Clement LECIGNE | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation. An unprivileged process can read or write pages of memory which belong to the kernel. These may lead to exposure of sensitive information or allow privilege escalation.

tags | advisory, overflow, kernel
systems | freebsd
advisories | CVE-2013-3077
MD5 | 22c046761afc564563c218783799e9d9
FreeBSD Security Advisory - NFS Incorrect Privilege Validation
Posted Jul 29, 2013
Authored by Tim Zingelman, Christopher Key, Rick Macklem | Site security.freebsd.org

FreeBSD Security Advisory - The kernel incorrectly uses client supplied credentials instead of the one configured in exports(5) when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. The remote client may supply privileged credentials (e.g. the root user) when accessing a file under the NFS share, which will bypass the normal access checks.

tags | advisory, remote, kernel, root
systems | freebsd
advisories | CVE-2013-4851
MD5 | cbce467b7418702904d48e4d09f0a883
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jul 29, 2013
Authored by Maxim Shudrak | Site security.freebsd.org

FreeBSD Security Advisory - Due to a software defect a specially crafted query which includes malformed rdata, could cause named(8) to crash with an assertion failure and rejecting the malformed query. This issue affects both recursive and authoritative-only nameservers.

tags | advisory
systems | freebsd
advisories | CVE-2013-4854
MD5 | d067b3d4cb8f83293e2e8c872f363ce9
FreeBSD 9 Address Space Manipulation Privilege Escalation
Posted Jun 26, 2013
Authored by Alan Cox, Hunger, sinn3r, Konstantin Belousov | Site metasploit.com

This Metasploit module exploits a vulnerability that can be used to modify portions of a process's address space, which may lead to privilege escalation. Systems such as FreeBSD 9.0 and 9.1 are known to be vulnerable.

tags | exploit
systems | freebsd
advisories | CVE-2013-2171, OSVDB-94414
MD5 | b258cd8526da63e79f9daeb6f93717bc
Debian Security Advisory 2714-1
Posted Jun 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2714-1 - Konstantin Belousov and Alan Cox discovered that insufficient permission checks in the memory management of the FreeBSD kernel could lead to privilege escalation.

tags | advisory, kernel
systems | linux, freebsd, debian
advisories | CVE-2013-2171
MD5 | 43a490e49f21acd4a57cd0d37f03cab7
FreeBSD 9.0+ Privilege Escalation
Posted Jun 22, 2013
Authored by SynQ

FreeBSD 9.0+ privilege escalation exploit that leverages the mmap vulnerability.

tags | exploit
systems | freebsd
advisories | CVE-2013-2171
MD5 | 6239d1b36fc39efd11b6aede8d7b843d
FreeBSD 9.0 / 9.1 mmap/ptrace Exploit
Posted Jun 19, 2013
Authored by Hunger

FreeBSD versions 9.0 and 9.1 mmap/ptrace privilege escalation exploit that leverages the issue described in FreeBSD-SA-13:06.

tags | exploit
systems | freebsd
advisories | CVE-2013-2171
MD5 | 30fe24f7038b01c2535bfd0ca8fdb5f3
Page 5 of 48
Back34567Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close