exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed


FreeBSD Security Advisory 2004.16
Posted Nov 20, 2004
Authored by The FreeBSD Project, Colin Percival | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:16.fetch - The fetch utility suffers from an integer overflow condition in the processing of HTTP headers that can result in a buffer overflow.

tags | advisory, web, overflow
systems | freebsd
SHA-256 | 6a018e23dd8de8d84de9f7d1f8a504a855c7a82a0f3059e216c48ef84a19658a

Related Files

Posted Jun 1, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs: smbfs does not properly sanitize paths containing a backslash character; in particular the directory name '..\' is interpreted as the parent directory by the SMB/CIFS server, but smbfs handles it in the same manner as any other directory.

systems | freebsd
SHA-256 | 06d243f685293bae40f0260e0f5a4d6049010f7d1de0bccef6ae22041257bd2f
Posted Jun 1, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv: There are two documented methods of restricting access to NIS maps through ypserv(8): through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets" access restrictions to be inadvertently disabled.

systems | freebsd
SHA-256 | b939e4d3fddcf9d8f92200b7d05ca27d0a18ae5290b3350ca3d19fac28829a29
Posted Apr 26, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:14.fpu - FPU information disclosure: On affected processors, a local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.

tags | local, info disclosure
systems | freebsd
SHA-256 | 7a90ad481bb181822f4882bcd4d2e967f8919ef69c8cce7ee8b546a06c7dd4b9
Posted Mar 3, 2006
Authored by Evgeny Legerov | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:10.nfs - A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.

tags | advisory, kernel, tcp
systems | freebsd
advisories | CVE-2006-0900
SHA-256 | 8712b0c54e6195379a38f208914e6b31aecb2b2ca2355a6a67d8db63219f7a5e
Posted Mar 3, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh - Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind. Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.

tags | advisory
systems | freebsd
advisories | CVE-2006-0883
SHA-256 | 012cb667b2bae94ec1b414c8de659b5091c2732abdfc4cd748a4a6a9557830cd
Posted Feb 2, 2006
Authored by Scott Wood | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:08.sack - SACK (Selective Acknowledgment) is an extension to the TCP/IP protocol that allows hosts to acknowledge the receipt of some, but not all, of the packets sent, thereby reducing the cost of retransmissions. When insufficient memory is available to handle an incoming selective acknowledgment, the TCP/IP stack may enter an infinite loop.

tags | advisory, tcp, protocol
systems | freebsd
advisories | CVE-2006-0433
SHA-256 | 8d3f7d980f0020012c292d7bd87a577e7beeedfba74ebfdf5862b03683811826
Posted Jan 15, 2006
Site freebsd.org

FreeBSD Security Advisory - ipfw maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized.

tags | advisory, tcp
systems | freebsd
advisories | CVE-2006-0054
SHA-256 | b38cd8ef482c561df679f578513cab445b16a6b986a0729f301d0dc0adb15098
Posted Jan 15, 2006
Site freebsd.org

FreeBSD Security Advisory - The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user.

tags | advisory
systems | freebsd
advisories | CVE-2006-0055
SHA-256 | aabdd726e7f1d21c64dd7f601f42432a072639283866afd5cb5d75fd085e4063
Posted Sep 8, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05-20.cvsbug - A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file.

systems | freebsd
advisories | CVE-2005-2693
SHA-256 | 42359b765b65baccde1ce2c51098dbada23fc98d9631451d3ea628c76795611b
Posted Aug 7, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:08 - In many parts of the FreeBSD kernel, names (of mount points, devices, files, etc.) are manipulated as NULL-terminated strings, but are provided to applications within fixed-length buffers.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2005-1406
SHA-256 | 7b6aaa70807a670d6dd9019e62eee21d12cbe814525a0fe9b97d0c2e7ddca5a4
Posted Aug 7, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:07 - The i386_get_ldt(2) system call allows a process to request that a portion of its Local Descriptor Table be copied from the kernel into userland. The i386_get_ldt(2) syscall performs insufficient validation of its input arguments. In particular, negative or very large values may allow inappropriate data to be copied from the kernel.

tags | advisory, kernel, local
systems | freebsd
advisories | CVE-2005-1400
SHA-256 | 04fa0fee6b63c8ba41c37a7811a6462ab62955205b703bf973f33ee92e6da579
Posted Aug 7, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:06 - The default permissions on the /dev/iir device node allow unprivileged local users to open the device and execute ioctl calls. Unprivileged local users can send commands to the hardware supported by the iir(4) driver, allowing destruction of data and possible disclosure of data.

tags | advisory, local
systems | freebsd
advisories | CVE-2005-1399
SHA-256 | 9ebaba97534f52d79c1400d144ce3197429e42a0672b056673e3918480351f3a
Posted Jul 28, 2005
Authored by Yukiyo Akisada | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec - IPsec is a security protocol for the Internet Protocol networking layer. It provides a combination of encryption and authentication of system, using several possible cryptography algorithms. A programming error in the implementation of the AES-XCBC-MAC algorithm for authentication resulted in a constant key being used instead of the key specified by the system administrator.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2005-2359
SHA-256 | 9d75e7d220ed1f61f09ae93e44a8e0ba4c60a6a4d11ff8f03cc972a6df79b6ea
Posted Jul 28, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:18.zlib - A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2005-1849
SHA-256 | b2d40ae5f59903bd6c1b0e96942c8b40d5b7c0070b211d4957535d4b74ee339c
Posted Jul 21, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:17.devfs - Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions.

tags | advisory
systems | freebsd
advisories | CVE-2005-2218
SHA-256 | e1c7cadcfc9a5b70208783e95f2c0e0102c8c0c89d38162917beeb93216b369c
Posted Jul 8, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:09 - When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.

tags | advisory
systems | freebsd
advisories | CVE-2005-0109
SHA-256 | 5e666245ff6f81ff72f602f77622595ea80e3cf57ceb0ef27419e4e10cfa5986
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:15 - Two problems have been discovered in the FreeBSD TCP stack. First, when a TCP packets containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection. Second, a TCP packet with the SYN flag set is accepted for established connections, allowing an attacker to overwrite certain TCP options.

tags | advisory, tcp
systems | freebsd
SHA-256 | 30663ff4e4d6e6643116559b25a849f751e84dc20b68d90c0261a28842688ff7
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:14 - Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions.

tags | advisory
systems | freebsd
SHA-256 | 81c864494c3fb7c1777f84c50d2ea5e1bb96b674001417c3e3f9e573fb1005a0
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:13 - The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several concurrent table lookups. Due to an insufficient locking, a cached result can become corrupted that could cause some addresses to be incorrectly matched against a lookup table.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2005-2019
SHA-256 | 6b7aa2a12074c968569303a922ef2f40cc26ef0aef04894d3fd3b9ebce0d5e08
Posted Jun 21, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:12 - A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.

tags | advisory
systems | freebsd
advisories | CVE-2005-0034
SHA-256 | 8fccf0614b4cae1a8f3081cb6f85fef6c558ed5fcde321cc9167d2225a2c0f87
Posted Jun 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:05 - Multiple programming errors were found in CVS. In one case, variable length strings are copied into a fixed length buffer without adequate checks being made; other errors include NULL pointer dereferences, possible use of uninitialized variables, and memory leaks.

tags | advisory, memory leak
systems | freebsd
SHA-256 | 0955613e37e271809f7afef6711a84a64f2032dbe02f04eb08d63144b31158fa
Posted Apr 17, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:03 - The AMD64 architecture has two mechanisms for permitting processes to access hardware: Kernel code can access hardware directly by reason of its elevated privilege level, while user code can access a subset of hardware determined by a bitmap. The bitmap which determines which hardware can be accessed by unprivileged processes was not initialized properly. Unprivileged users on amd64 systems can gain direct access to some hardware, allowing for denial of service, disclosure of sensitive information, or possible privilege escalation.

tags | advisory, denial of service, kernel
systems | freebsd
SHA-256 | 70032104738efc10dec36f903360b79be790b01eb2ead623c710d5e8b076169f
Posted Apr 17, 2005
Authored by Sven Berkvens, Marc Olzheim | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:02 - The sendfile(2) system call allows a server application (such as an HTTP or FTP server) to transmit the contents of a file over a network connection without first copying it to application memory. High performance servers such as Apache and ftpd use sendfile. If the file being transmitted is truncated after the transfer has started but before it completes, sendfile(2) will transfer the contents of more or less random portions of kernel memory in lieu of the missing part of the file.

tags | advisory, web, kernel
systems | freebsd
advisories | CVE-2005-0708
SHA-256 | f23b5fbf03b2582e71dc290dd2da453c3f35c25347c573b97a39ab6a5ff37a46
FreeBSD Security Advisory 2004.17
Posted Dec 12, 2004
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:17.procfs - The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed.

tags | advisory
systems | freebsd
advisories | CVE-2004-1066
SHA-256 | 9172f91c6b027b6f7c743ba70a7c8f2026e861b105f1b6f5125ce2249481c20b
FreeBSD Security Advisory 2004.15
Posted Oct 13, 2004
Authored by The FreeBSD Project, Christer Oberg | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:15.syscons - The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.

tags | advisory
systems | freebsd
advisories | CVE-2004-0919
SHA-256 | 088af9d9dc40b2a466a18dea6a434c2f0859fe37e3f6919135f3ac37f610c117
Page 4 of 4

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By