Twenty Year Anniversary
Showing 101 - 125 of 1,193 RSS Feed

Operating System: FreeBSD

FreeBSD Security Advisory - Kernel Memory Disclosure
Posted Jul 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The control message API is used to construct ancillary data objects for use in control messages sent and received across sockets and passed via the recvmsg(2) and sendmsg(2) system calls. Buffer between control message header and data may not be completely initialized before being copied to userland. Three SCTP cmsgs, SCTP_SNDRCV, SCTP_EXTRCV and SCTP_RCVINFO, have implicit padding that may not be completely initialized before being copied to userland. In addition, three SCTP notifications, SCTP_PEER_ADDR_CHANGE, SCTP_REMOTE_ERROR and SCTP_AUTHENTICATION_EVENT, have padding in the returning data structure that may not be completely initialized before being copied to userland.

tags | advisory
systems | freebsd
advisories | CVE-2014-3952, CVE-2014-3953
MD5 | 050c68c612331e721d019161388271b2
FreeBSD Security Advisory - file / libmagic
Posted Jun 25, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.

tags | advisory
systems | freebsd
advisories | CVE-2012-1571, CVE-2013-7345, CVE-2014-1943, CVE-2014-2270
MD5 | 1dc0c3fbf70438e2a2b1a9f541cd9a65
FreeBSD Security Advisory - iconv NULL Pointer Dereference
Posted Jun 25, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A NULL pointer dereference in the initialization code of the HZ module and an out of bounds array access in the initialization code of the VIQR module make iconv_open(3) calls involving HZ or VIQR result in an application crash.

tags | advisory
systems | freebsd
advisories | CVE-2014-3951
MD5 | a18b69584636b226071cb9d556ae6020
Debian Security Advisory 2952-1
Posted Jun 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2952-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or possibly disclosure of kernel memory.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, freebsd, debian
advisories | CVE-2014-1453, CVE-2014-3000, CVE-2014-3880
MD5 | 16e34c34203420401ac2e0dc187238c6
FreeBSD Security Advisory - OpenSSL Issues
Posted Jun 5, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL vulnerabilities have been addressed. Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can lead to a buffer overrun. Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the code to unnecessary recurse. Carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. Carefully crafted packets can lead to a NULL pointer deference in OpenSSL TLS client code if anonymous ECDH ciphersuites are enabled.

tags | advisory, overflow, vulnerability
systems | freebsd
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 1934f39e91527b2facc8c1cda272c95d
FreeBSD Security Advisory - ktrace Kernel Memory Disclosure
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly. A user who can enable kernel process tracing could end up reading the contents of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2014-3873
MD5 | 62f1437f209060349158195286c154b4
FreeBSD Security Advisory - PAM Policy Parser
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure (handled by searching in the next location) while the presence of an invalid file is a hard failure (handled by returning an error to the caller). The policy parser returns the same error code (ENOENT) when a syntactically valid policy references a non-existent module as when the requested policy file does not exist. The search loop regards this as a soft failure and looks for the next similarly-named policy, without discarding the partially-loaded configuration. A similar issue can arise if a policy contains an include directive that refers to a non-existent policy.

tags | advisory
systems | freebsd
advisories | CVE-2014-3879
MD5 | e7dfe6ea459b9d340f6e52b2eee60000
FreeBSD Security Advisory - Sendmail
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in sendmail(8) that prevented open file descriptors have close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process have open.

tags | advisory
systems | freebsd
MD5 | 5438623f31fbf814b9f7d0b8369cef13
Check Rootkit 0.50
Posted May 23, 2014
Authored by Nelson Murilo | Site chkrootkit.org

Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.

Changes: New and enhanced tests, minor bug fixes.
tags | tool, trojan, integrity, rootkit
systems | linux, netbsd, unix, solaris, freebsd, openbsd, hpux
MD5 | 9e67dd56f835264d43aeb04944610b03
FreeBSD Security Advisory - OpenSSL Null Pointer Dereference
Posted May 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The TLS protocol supports an alert protocol which can be used to signal the other party with certain failures in the protocol context that may require immediate termination of the connection. An attacker can trigger generation of an SSL alert which could cause a null pointer deference. An attacker may be able to cause a service process that uses OpenSSL to crash, which can be used in a denial-of-service attack.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2014-0198
MD5 | 6231c3149c760e87705761170cdd277d
FreeBSD Security Advisory - OpenSSL Use-After-Free
Posted May 1, 2014
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which requests the library to release the memory it holds when a read or write buffer is no longer needed for the context. The buffer may be released before the library have finished using it. It is possible that a different SSL connection in the same process would use the released buffer and write data into it. An attacker may be able to inject data to a different connection that they should not be able to.

tags | advisory
systems | freebsd
advisories | CVE-2010-5298
MD5 | f1efd1533dee4f986ae8c3e627c79a32
FreeBSD Security Advisory - TCP Reassembly
Posted May 1, 2014
Authored by Jonathan Looney | Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD may add a reassemble queue entry on the stack into the segment list when the reassembly queue reaches its limit. The memory from the stack is undefined after the function returns. Subsequent iterations of the reassembly function will attempt to access this entry. An attacker who can send a series of specifically crafted packets with a connection could cause a denial of service situation by causing the kernel to crash. Additionally, because the undefined on stack memory may be overwritten by other kernel threads, while extremely difficult, it may be possible for an attacker to construct a carefully crafted attack to obtain portion of kernel memory via a connected socket. This may result in the disclosure of sensitive information such as login credentials, etc. before or even without crashing the system.

tags | advisory, denial of service, kernel
systems | freebsd
advisories | CVE-2014-3000
MD5 | 13c2ec3c513d3b01d1581ef060cea2c1
FreeBSD Security Advisory - devfs Rule Fail
Posted May 1, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The device file system, or devfs(5), provides access to kernel's device namespace in the global file system namespace. The devfs(5) rule subsystem provides a way for the administrator of a system to control the attributes of DEVFS nodes. Each DEVFS mount-point has a ruleset, or a list of rules, associated with it, allowing the administrator to change the properties, including the visibility, of certain nodes. The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access could lead to information leakage and privilege escalation.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2014-3001
MD5 | dd29acee4003d6364e700e5444d544a6
FreeBSD Security Advisory - OpenSSL Issues
Posted Apr 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD is alerting everyone to multiple OpenSSL vulnerabilities. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. Affects FreeBSD 10.0 only. A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

tags | advisory, vulnerability
systems | freebsd
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | 8a77a029dc414dcdc8e56eaed517058b
FreeBSD Security Advisory - NFS Server Deadlock
Posted Apr 9, 2014
Authored by Rick Macklem | Site security.freebsd.org

FreeBSD Security Advisory - The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were on local disks. FreeBSD includes both server and client implementations of NFS. The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that grab locks in the right order, constitutes a deadlock condition because no thread can proceed. An attacker on a trusted client could cause the NFS server become deadlocked, resulting in a denial of service.

tags | advisory, denial of service, kernel, local
systems | freebsd
advisories | CVE-2014-1453
MD5 | c5cc5bd2d9b6638b99872d4bcc30b466
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jan 16, 2014
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2014-0591
MD5 | b370f9795ad4a3cfcbc030be34cd42f8
FreeBSD Security Advisory - ntpd Denial Of Service
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication. An attacker can send 'monlist' queries and use that as an amplification of a reflection attack.

tags | advisory
systems | freebsd
advisories | CVE-2013-5211
MD5 | be0d7bb36c9c32271fd39ae071238ffe
FreeBSD Security Advisory - OpenSSL Issues
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.

tags | advisory
systems | freebsd
advisories | CVE-2013-6449, CVE-2013-4353, CVE-2013-6450
MD5 | 4ecd654abd0aaee44e4ef6858c4cc839
FreeBSD Security Advisory - bsnmpd Denial Of Service
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it has received a specifically crafted GETBULK PDU request.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2014-1452
MD5 | 7952c03a51d945c60f4f02ce261a6063
FreeBSD Security Advisory - OpenSSH AES-GCM Memory Corruption
Posted Nov 19, 2013
Site security.freebsd.org

FreeBSD Security Advisory - A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user, thereby allowing a malicious user with valid credentials to bypass shell or command restrictions placed on their account.

tags | advisory, shell, code execution
systems | freebsd
advisories | CVE-2013-4548
MD5 | be5fb2c09b6120b0052c92ecaa398aad
FreeBSD 10 qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs
Posted Nov 16, 2013
Authored by x90c

The qlxge/qlxgbe driver in FreeBSD versions 10 and below has vulnerabilities that leak arbitrary kernel memory to the userspace.

tags | advisory, arbitrary, kernel, vulnerability
systems | freebsd
MD5 | e6f3fafa75ce8e0fe98bbaad2b63f397
FreeBSD 10 nand Driver IOCTL Kernel Memory Leak Bug
Posted Nov 16, 2013
Authored by x90c

The nand driver in FreeBSD versions 10 and below has a vulnerability that leaks arbitrary kernel memory to the userspace.

tags | advisory, arbitrary, kernel
systems | freebsd
MD5 | 12d08911c16b59fa9a431db18a27a793
Debian Security Advisory 2769-1
Posted Oct 8, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2769-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, freebsd, debian
advisories | CVE-2013-5691, CVE-2013-5710
MD5 | 932c0a9125f75fb0d032368cf281d5e6
FreeBSD Security Advisory - nullfs(5) links
Posted Sep 10, 2013
Authored by Konstantin Belousov | Site security.freebsd.org

FreeBSD Security Advisory - The nullfs(5) filesystem allows all or a part of an already mounted filesystem to be made available in a different part of the global filesystem namespace. It is commonly used to make a set of files available to multiple chroot(2) or jail(2) environments without replicating the files in each environment. A common idiom, described in the FreeBSD Handbook, is to mount one subtree of a filesystem read-only within a jail's filesystem namespace, and mount a different subtree of the same filesystem read-write. The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the underlying (source) filesystem is the same. If multiple nullfs views into the same filesystem are mounted in different locations, a user with read access to one of these views and write access to another will be able to create a hard link from the latter to a file in the former, even though they are, from the user's perspective, different filesystems. The user may thereby gain write access to files which are nominally on a read-only filesystem.

tags | advisory
systems | freebsd
advisories | CVE-2013-5710
MD5 | fe3496a802ef303a50977b9200e73a80
FreeBSD Security Advisory - ioctl(2) Insufficient Credential Checks
Posted Sep 10, 2013
Authored by Loganaden Velvindron, Gleb Smirnoff | Site security.freebsd.org

FreeBSD Security Advisory - The ioctl(2) system call allows an application to perform device- or protocol-specific operations through a file or socket descriptor associated with a specific device or protocol. As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume that the SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been handled at the network layer, and therefore do not perform input validation or verify the caller's credentials. Typical link-layer actions for these requests may include marking the interface as "up" and resetting the underlying hardware. An unprivileged user with the ability to run arbitrary code can cause any network interface in the system to perform the link layer actions associated with a SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR or SIOCSIFNETMASK ioctl request; or trigger a kernel panic by passing a specially crafted address structure which causes a network interface driver to dereference an invalid pointer. Although this has not been confirmed, the possibility that an attacker may be able to execute arbitrary code in kernel context can not be ruled out.

tags | advisory, arbitrary, kernel, protocol
systems | freebsd
advisories | CVE-2013-5691
MD5 | 63e2ef236f0fd330d48b4724959355f7
Page 5 of 48
Back34567Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    2 Files
  • 23
    Apr 23rd
    17 Files
  • 24
    Apr 24th
    13 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close