what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
Posted Aug 15, 2018
Authored by Juha-Matti Tilli | Site security.freebsd.org

FreeBSD Security Advisory - A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not necessary that the attacker be able to establish two-way communication to carry out these attacks. These attacks impact both IPv4 and IPv6 fragment reassembly. In the worst case, an attacker could send a stream of crafted fragments with a low packet rate which would consume a substantial amount of CPU. Other attack vectors allow an attacker to send a stream of crafted fragments which could consume a large amount of CPU or all available mbuf clusters on the system. These attacks could temporarily render a system unreachable through network interfaces or temporarily render a system unresponsive. The effects of the attack should clear within 60 seconds after the attack stops.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2018-6923
SHA-256 | 8b9f6df8636fcf62bb78a92076b061ee35605960add8fc0553f1a51de4f13bbf

Related Files

FreeBSD Security Advisory - named Denial Of Service
Posted Aug 8, 2012
Authored by Einar Lonn | Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. A remote attacker that is able to generate high volume of DNSSEC validation enabled queries can trigger the assertion failure that causes it to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2012-3817
SHA-256 | 14ce0ceb3dfdd72660f83035bfda8974a44d0c866f0212093a308b810aac8df9
FreeBSD Security Advisory - Kernel Privilege Escalation
Posted Jun 12, 2012
Authored by Rafal Wojtczuk, John Baldwin | Site security.freebsd.org

FreeBSD Security Advisory - The FreeBSD operating system implements a rings model of security, where privileged operations are done in the kernel, and most applications request access to these operations by making a system call, which puts the CPU into the required privilege level and passes control to the kernel. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash.

tags | advisory, kernel, local
systems | freebsd
advisories | CVE-2012-0217
SHA-256 | 50ab73e18c85232ccd993cef89e2d46586aa4f827d36aa88ad33256fe4a53d2d
FreeBSD Security Advisory - BIND 9 Incorrect Handling
Posted Jun 12, 2012
Authored by Dan Luther, Jeffrey A. Spain | Site security.freebsd.org

FreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2012-1667
SHA-256 | 38bb62ce0e6626ae58f5bdcb8590d53027dcaccd01d33f928641394b6ad66427
FreeBSD Security Advisory - Incorrect crypt() Hashing
Posted May 30, 2012
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

tags | advisory
systems | freebsd
advisories | CVE-2012-2143
SHA-256 | c93d455eb30d8a248bc3a8f2e54b0feb1b59e15469c93c07b2e5518cbee945c4
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
SHA-256 | a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3ee
FreeBSD Security Advisory - pam_start() Improper Validation
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
systems | freebsd
advisories | CVE-2011-4122
SHA-256 | 685c68cd0d879191a8f6e9dd16fb3ba8d2d61b100f23301bbe8d7f9cde467b5e
FreeBSD Security Advisory - pam_ssh Improper Access Grant
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase. If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.

tags | advisory
systems | freebsd
SHA-256 | 3f9adbe4371e9a27a25b335c20511c3b4a8582a5127ca9a55c06862e006c1268
FreeBSD Security Advisory - telnetd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).

tags | advisory, arbitrary, root, protocol
systems | freebsd
advisories | CVE-2011-4862
SHA-256 | c92e3537ea4a9d4333d9b238da051a9f86ab6782c92ea9627150610dbec5e756
FreeBSD Security Advisory - Chrooted ftpd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API.

tags | advisory
systems | freebsd
SHA-256 | de56ea16374f3970ce64ad7bfe09f78855a3865a7491e05a50722e5299b402de
FreeBSD Security Advisory - named Denial Of Service
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried.

tags | advisory, remote
systems | freebsd
advisories | CVE-2011-4313
SHA-256 | 913e895f321d484a5440d6ec9ea44d1a471f516fda6b68d698117be493718a87
FreeBSD Security Advisory - UNIX-domain Sockets Buffer Overflow
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. A local user can cause the FreeBSD kernel to panic. It may also be possible to execute code with elevated privileges ("gain root"), escape from a jail, or to bypass security mechanisms in other ways.

tags | advisory, kernel, local, root
systems | unix, freebsd
SHA-256 | 90c70fca348e56d74499aa09d49020d5bbfb6758cde3a0c5eb8220e687826572
FreeBSD Security Advisory - compress Boundary Checks
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2011-2895
SHA-256 | 56febab158d830afcb2df839a7a95ac3e1a7fab7a28a063e7e3fb77d6e868228
FreeBSD Security Advisory - named Denial Of Service
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash.

tags | advisory
systems | freebsd
advisories | CVE-2011-2464
SHA-256 | c21e64c2f2aa94b36262f7c921be33cd4195b26c049f52e436c3a4f598e601bf
FreeBSD Security Advisory - BIND Remote Denial Of Service
Posted May 30, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Very large RRSIG RRsets included in a negative response can trigger an assertion failure that will crash named(8) due to an off-by-one error in a buffer size check.

tags | advisory
systems | freebsd
advisories | CVE-2011-1910
SHA-256 | 830b4abf997e208ee19a29014f1bce9fcf3eacab0dd0921152c8321eb8c768ce
FreeBSD Security Advisory - mountd ACL Mishandling
Posted Apr 21, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call. While parsing the exports(5) table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2011-1739
SHA-256 | daab8415751957e3ad1463b8ec1447aa42b593613cb89eb97366e0b6b20911e2
FreeBSD Security Advisory - OpenSSL
Posted Dec 1, 2010
Site security.freebsd.org

FreeBSD Security Advisory - A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism. The race condition can lead to a buffer overflow. A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2010-3864, CVE-2010-2939
SHA-256 | 8cfb790813185171ffd5ee2585fb00786a32d5a0a08c54131d90d05b0270c73a
FreeBSD Security Advisory - pseudofs Spurious Mutex Unlock
Posted Nov 12, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The pfs_getextattr(9) function, used by pseudofs for handling extended attributes, attempts to unlock a mutex which was not previously locked.

tags | advisory
systems | freebsd
advisories | CVE-2010-4210
SHA-256 | 3a98ed40616c81e73aa4a0d079237bc71bdc7a6f8d82304312a666edb259fb21
FreeBSD Security Advisory - bzip2 Integer Overflow
Posted Sep 21, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The bzip2/bunzip2 utilities and the libbz2 library compress and decompress files using an algorithm based on the Burrows-Wheeler transform. They are generally slower than Lempel-Ziv compressors such as gzip, but usually provide a greater compression ratio. When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2010-0405
SHA-256 | 59a1711bf6d2510506a512b7a40dbb7b7d40b51b3a4d4e1f1d1ab65852dec64e
FreeBSD Security Advisory - mbuf Flag Data Corruption
Posted Jul 14, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption.

tags | advisory
systems | freebsd
advisories | CVE-2010-2693
SHA-256 | 1cb43d905348fc529e8212502e333a97b8d04c11740c9ca8318f6c238b0a023e
FreeBSD Security Advisory - Unvalidated Input In nfsclient
Posted May 28, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.

tags | advisory
systems | freebsd
advisories | CVE-2010-2020
SHA-256 | 70736852d69a5ba3339928319cc037983dc3817d723837db593e3435317fcb66
FreeBSD Security Advisory - Insufficient Sanitization In Jail
Posted May 28, 2010
Site security.freebsd.org

FreeBSD Security Advisory - The jail utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants.

tags | advisory
systems | freebsd
advisories | CVE-2010-2022
SHA-256 | b2bcf78251c6486bcf6a16cbff4254da82066d5d6d8dfee5d7e784cbe34d6018
FreeBSD Security Advisory - OPIE Off-By-One Stack Overflow
Posted May 28, 2010
Site security.freebsd.org

FreeBSD Security Advisory - A programming error in the OPIE library could allow an off-by-one buffer overflow to write a single zero byte beyond the end of an on-stack buffer.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2010-1938
SHA-256 | 131cb41ee3226c91716b15316e0d2870cb7092520923a4ace9a5c051500f74a1
FreeBSD Security Advisory - ZFS Insecure Permissions
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - When replaying setattr transaction, the replay code in ZFS Intent Log would set the attributes with certain insecure defaults, when the logged transaction did not touch these attributes. A system crash or power fail would leave some file with mode set to 07777. This could leak sensitive information or cause privilege escalation.

tags | advisory
systems | freebsd
SHA-256 | e3bb6ceafc54fde406ecc8555c1e76a7def3c492da5cea5206712b9ab53e7df8
FreeBSD Security Advisory - ntpd Denial Of Service
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response. If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.

tags | advisory, spoof
systems | freebsd
advisories | CVE-2009-3563
SHA-256 | 6af8830787a9323a386cf6b466d54a33fd445e418971f060d214c8f60640767f
FreeBSD Security Advisory - BIND named Cache Poisoning
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS Security Extensions (DNSSEC) provides data integrity, origin authentication and authenticated denial of existence to resolvers. If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2009-4022
SHA-256 | 0f22a4d47dc7c68a12af02c2413182c18bb718061322a55be70e8455c2d8acf6
Page 1 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close