all things security
Showing 1 - 25 of 100 RSS Feed

Files

FreeBSD Security Advisory - mmap Privilege Escalation
Posted Jun 18, 2013
Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access. This error can be exploited to allow unauthorized modification of an arbitrary file to which the attacker has read access, but not write access. Depending on the file and the nature of the modifications, this can result in privilege escalation. To exploit this vulnerability, an attacker must be able to run arbitrary code with user privileges on the target system.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2013-2171
MD5 | 6b93f76d05b988e765c69c621431c185

Related Files

FreeBSD Security Advisory - named Denial Of Service
Posted Aug 8, 2012
Authored by Einar Lonn | Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. A remote attacker that is able to generate high volume of DNSSEC validation enabled queries can trigger the assertion failure that causes it to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2012-3817
MD5 | 0ef228d154a335e008640bab911b82dd
FreeBSD Security Advisory - Kernel Privilege Escalation
Posted Jun 12, 2012
Authored by Rafal Wojtczuk, John Baldwin | Site security.freebsd.org

FreeBSD Security Advisory - The FreeBSD operating system implements a rings model of security, where privileged operations are done in the kernel, and most applications request access to these operations by making a system call, which puts the CPU into the required privilege level and passes control to the kernel. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash.

tags | advisory, kernel, local
systems | freebsd
advisories | CVE-2012-0217
MD5 | 56d3bf6b6e660c92e8067bdb14796166
FreeBSD Security Advisory - BIND 9 Incorrect Handling
Posted Jun 12, 2012
Authored by Dan Luther, Jeffrey A. Spain | Site security.freebsd.org

FreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2012-1667
MD5 | 1675828df069117e998188dd43be8f3b
FreeBSD Security Advisory - Incorrect crypt() Hashing
Posted May 30, 2012
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

tags | advisory
systems | freebsd
advisories | CVE-2012-2143
MD5 | e4d4e2b2811a3cf4254d7ba2637b5c40
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
MD5 | 7bb6fa53ebc04c577e47228a696aaba5
FreeBSD Security Advisory - pam_start() Improper Validation
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
systems | freebsd
advisories | CVE-2011-4122
MD5 | caa126cad91f718487fa321f42006890
FreeBSD Security Advisory - pam_ssh Improper Access Grant
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase. If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.

tags | advisory
systems | freebsd
MD5 | 21b2c3939bdfec2873616135f939d843
FreeBSD Security Advisory - telnetd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).

tags | advisory, arbitrary, root, protocol
systems | freebsd
advisories | CVE-2011-4862
MD5 | 3f3e697e2ae19d73a5dbaaa61c9f7128
FreeBSD Security Advisory - Chrooted ftpd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API.

tags | advisory
systems | freebsd
MD5 | 07e28abb4e87d4c9ebb11746c5dc884f
FreeBSD Security Advisory - named Denial Of Service
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.

tags | advisory, remote
systems | freebsd
advisories | CVE-2011-4313
MD5 | 202eb81ad3351bede6727b38f35e142f
FreeBSD Security Advisory - UNIX-domain Sockets Buffer Overflow
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. A local user can cause the FreeBSD kernel to panic. It may also be possible to execute code with elevated privileges ("gain root"), escape from a jail, or to bypass security mechanisms in other ways.

tags | advisory, kernel, local, root
systems | unix, freebsd
MD5 | 76df34e8660b58d174df2b314c648f44
FreeBSD Security Advisory - compress Boundary Checks
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2011-2895
MD5 | 2da0f0fb844d408727730142ea5b6caa
FreeBSD Security Advisory - named Denial Of Service
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash.

tags | advisory
systems | freebsd
advisories | CVE-2011-2464
MD5 | f3338b9c63df2659206ed7b58b7a0da9
FreeBSD Security Advisory - BIND Remote Denial Of Service
Posted May 30, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Very large RRSIG RRsets included in a negative response can trigger an assertion failure that will crash named(8) due to an off-by-one error in a buffer size check.

tags | advisory
systems | freebsd
advisories | CVE-2011-1910
MD5 | f15c72585a8637121b4c9ef5b92e766e
FreeBSD Security Advisory - mountd ACL Mishandling
Posted Apr 21, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call. While parsing the exports(5) table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2011-1739
MD5 | c461aba988786b70e5247c4764de590b
FreeBSD Security Advisory - OpenSSL
Posted Dec 1, 2010
Site security.freebsd.org

FreeBSD Security Advisory - A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism. The race condition can lead to a buffer overflow. A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2010-3864, CVE-2010-2939
MD5 | 8b28b10485c5cff7c810ee227ee048b1
FreeBSD Security Advisory - pseudofs Spurious Mutex Unlock
Posted Nov 12, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The pfs_getextattr(9) function, used by pseudofs for handling extended attributes, attempts to unlock a mutex which was not previously locked.

tags | advisory
systems | freebsd
advisories | CVE-2010-4210
MD5 | 0d8e2f41e7b9667037d0fb7f96fa86c6
FreeBSD Security Advisory - bzip2 Integer Overflow
Posted Sep 21, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The bzip2/bunzip2 utilities and the libbz2 library compress and decompress files using an algorithm based on the Burrows-Wheeler transform. They are generally slower than Lempel-Ziv compressors such as gzip, but usually provide a greater compression ratio. When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2010-0405
MD5 | 2525d55016d3085020134d37ce76aafe
FreeBSD Security Advisory - mbuf Flag Data Corruption
Posted Jul 14, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption.

tags | advisory
systems | freebsd
advisories | CVE-2010-2693
MD5 | fba3429a085354e7f403b7d9a4ebd9e2
FreeBSD Security Advisory - Unvalidated Input In nfsclient
Posted May 28, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.

tags | advisory
systems | freebsd
advisories | CVE-2010-2020
MD5 | a5341b3f54cb8d0f4dd3cd393e1155fd
FreeBSD Security Advisory - Insufficient Sanitization In Jail
Posted May 28, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The jail utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants.

tags | advisory
systems | freebsd
advisories | CVE-2010-2022
MD5 | f32e75411ce8cc868fbbccffae21b982
FreeBSD Security Advisory - OPIE Off-By-One Stack Overflow
Posted May 28, 2010
Site security.freebsd.org

FreeBSD Security Advisory - A programming error in the OPIE library could allow an off-by-one buffer overflow to write a single zero byte beyond the end of an on-stack buffer.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2010-1938
MD5 | 7573752d08f18520107cf2879abe120c
FreeBSD Security Advisory - ZFS Insecure Permissions
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - When replaying setattr transaction, the replay code in ZFS Intent Log would set the attributes with certain insecure defaults, when the logged transaction did not touch these attributes. A system crash or power fail would leave some file with mode set to 07777. This could leak sensitive information or cause privilege escalation.

tags | advisory
systems | freebsd
MD5 | 2a67eb6021b942c6c0fd652d8550c8a2
FreeBSD Security Advisory - ntpd Denial Of Service
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response. If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.

tags | advisory, spoof
systems | freebsd
advisories | CVE-2009-3563
MD5 | 3c29961c0b015462befccbfa761fa138
FreeBSD Security Advisory - BIND named Cache Poisoning
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS Security Extensions (DNSSEC) provides data integrity, origin authentication and authenticated denial of existence to resolvers. If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2009-4022
MD5 | 02ddb5c2c1012a828b2639d5d7f46626
Page 1 of 4
Back1234Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close