exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed


FreeBSD-SA-09:05 - telnetd Code Execution
Posted Feb 17, 2009
Site security.freebsd.org

FreeBSD Security Advisory - In order to prevent environment variable based attacks, telnetd scrubs its environment; however, recent changes in FreeBSD's environment-handling code rendered telnetd's scrubbing inoperative, thereby allowing potentially harmful environment variables to be set. An attacker who can place a specially-constructed file onto a target system (either by legitimately logging into the system or by exploiting some other service on the system) can execute arbitrary code with the privileges of the user running the telnet daemon (usually root).

tags | advisory, arbitrary, root
systems | freebsd
SHA-256 | 8fd5f35be1f357357d7faa04aaf55fefca25b625f49ea0f157d81958e7d9b0a6

Related Files

Posted Jun 1, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv: There are two documented methods of restricting access to NIS maps through ypserv(8): through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets" access restrictions to be inadvertently disabled.

systems | freebsd
SHA-256 | b939e4d3fddcf9d8f92200b7d05ca27d0a18ae5290b3350ca3d19fac28829a29
Posted Apr 26, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:14.fpu - FPU information disclosure: On affected processors, a local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.

tags | local, info disclosure
systems | freebsd
SHA-256 | 7a90ad481bb181822f4882bcd4d2e967f8919ef69c8cce7ee8b546a06c7dd4b9
Posted Mar 3, 2006
Authored by Evgeny Legerov | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:10.nfs - A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.

tags | advisory, kernel, tcp
systems | freebsd
advisories | CVE-2006-0900
SHA-256 | 8712b0c54e6195379a38f208914e6b31aecb2b2ca2355a6a67d8db63219f7a5e
Posted Mar 3, 2006
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh - Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind. Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.

tags | advisory
systems | freebsd
advisories | CVE-2006-0883
SHA-256 | 012cb667b2bae94ec1b414c8de659b5091c2732abdfc4cd748a4a6a9557830cd
Posted Feb 2, 2006
Authored by Scott Wood | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-06:08.sack - SACK (Selective Acknowledgment) is an extension to the TCP/IP protocol that allows hosts to acknowledge the receipt of some, but not all, of the packets sent, thereby reducing the cost of retransmissions. When insufficient memory is available to handle an incoming selective acknowledgment, the TCP/IP stack may enter an infinite loop.

tags | advisory, tcp, protocol
systems | freebsd
advisories | CVE-2006-0433
SHA-256 | 8d3f7d980f0020012c292d7bd87a577e7beeedfba74ebfdf5862b03683811826
Posted Jan 15, 2006
Site freebsd.org

FreeBSD Security Advisory - ipfw maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized.

tags | advisory, tcp
systems | freebsd
advisories | CVE-2006-0054
SHA-256 | b38cd8ef482c561df679f578513cab445b16a6b986a0729f301d0dc0adb15098
Posted Jan 15, 2006
Site freebsd.org

FreeBSD Security Advisory - The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user.

tags | advisory
systems | freebsd
advisories | CVE-2006-0055
SHA-256 | aabdd726e7f1d21c64dd7f601f42432a072639283866afd5cb5d75fd085e4063
Posted Sep 8, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05-20.cvsbug - A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file.

systems | freebsd
advisories | CVE-2005-2693
SHA-256 | 42359b765b65baccde1ce2c51098dbada23fc98d9631451d3ea628c76795611b
Posted Aug 7, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:08 - In many parts of the FreeBSD kernel, names (of mount points, devices, files, etc.) are manipulated as NULL-terminated strings, but are provided to applications within fixed-length buffers.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2005-1406
SHA-256 | 7b6aaa70807a670d6dd9019e62eee21d12cbe814525a0fe9b97d0c2e7ddca5a4
Posted Aug 7, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:07 - The i386_get_ldt(2) system call allows a process to request that a portion of its Local Descriptor Table be copied from the kernel into userland. The i386_get_ldt(2) syscall performs insufficient validation of its input arguments. In particular, negative or very large values may allow inappropriate data to be copied from the kernel.

tags | advisory, kernel, local
systems | freebsd
advisories | CVE-2005-1400
SHA-256 | 04fa0fee6b63c8ba41c37a7811a6462ab62955205b703bf973f33ee92e6da579
Posted Aug 7, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:06 - The default permissions on the /dev/iir device node allow unprivileged local users to open the device and execute ioctl calls. Unprivileged local users can send commands to the hardware supported by the iir(4) driver, allowing destruction of data and possible disclosure of data.

tags | advisory, local
systems | freebsd
advisories | CVE-2005-1399
SHA-256 | 9ebaba97534f52d79c1400d144ce3197429e42a0672b056673e3918480351f3a
Posted Jul 28, 2005
Authored by Yukiyo Akisada | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec - IPsec is a security protocol for the Internet Protocol networking layer. It provides a combination of encryption and authentication of system, using several possible cryptography algorithms. A programming error in the implementation of the AES-XCBC-MAC algorithm for authentication resulted in a constant key being used instead of the key specified by the system administrator.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2005-2359
SHA-256 | 9d75e7d220ed1f61f09ae93e44a8e0ba4c60a6a4d11ff8f03cc972a6df79b6ea
Posted Jul 28, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:18.zlib - A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2005-1849
SHA-256 | b2d40ae5f59903bd6c1b0e96942c8b40d5b7c0070b211d4957535d4b74ee339c
Posted Jul 21, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:17.devfs - Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions.

tags | advisory
systems | freebsd
advisories | CVE-2005-2218
SHA-256 | e1c7cadcfc9a5b70208783e95f2c0e0102c8c0c89d38162917beeb93216b369c
Posted Jul 8, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:09 - When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.

tags | advisory
systems | freebsd
advisories | CVE-2005-0109
SHA-256 | 5e666245ff6f81ff72f602f77622595ea80e3cf57ceb0ef27419e4e10cfa5986
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:15 - Two problems have been discovered in the FreeBSD TCP stack. First, when a TCP packets containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection. Second, a TCP packet with the SYN flag set is accepted for established connections, allowing an attacker to overwrite certain TCP options.

tags | advisory, tcp
systems | freebsd
SHA-256 | 30663ff4e4d6e6643116559b25a849f751e84dc20b68d90c0261a28842688ff7
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:14 - Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions.

tags | advisory
systems | freebsd
SHA-256 | 81c864494c3fb7c1777f84c50d2ea5e1bb96b674001417c3e3f9e573fb1005a0
Posted Jul 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:13 - The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several concurrent table lookups. Due to an insufficient locking, a cached result can become corrupted that could cause some addresses to be incorrectly matched against a lookup table.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2005-2019
SHA-256 | 6b7aa2a12074c968569303a922ef2f40cc26ef0aef04894d3fd3b9ebce0d5e08
Posted Jun 21, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:12 - A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.

tags | advisory
systems | freebsd
advisories | CVE-2005-0034
SHA-256 | 8fccf0614b4cae1a8f3081cb6f85fef6c558ed5fcde321cc9167d2225a2c0f87
Posted Jun 1, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:05 - Multiple programming errors were found in CVS. In one case, variable length strings are copied into a fixed length buffer without adequate checks being made; other errors include NULL pointer dereferences, possible use of uninitialized variables, and memory leaks.

tags | advisory, memory leak
systems | freebsd
SHA-256 | 0955613e37e271809f7afef6711a84a64f2032dbe02f04eb08d63144b31158fa
Posted Apr 17, 2005
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:03 - The AMD64 architecture has two mechanisms for permitting processes to access hardware: Kernel code can access hardware directly by reason of its elevated privilege level, while user code can access a subset of hardware determined by a bitmap. The bitmap which determines which hardware can be accessed by unprivileged processes was not initialized properly. Unprivileged users on amd64 systems can gain direct access to some hardware, allowing for denial of service, disclosure of sensitive information, or possible privilege escalation.

tags | advisory, denial of service, kernel
systems | freebsd
SHA-256 | 70032104738efc10dec36f903360b79be790b01eb2ead623c710d5e8b076169f
Posted Apr 17, 2005
Authored by Sven Berkvens, Marc Olzheim | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-05:02 - The sendfile(2) system call allows a server application (such as an HTTP or FTP server) to transmit the contents of a file over a network connection without first copying it to application memory. High performance servers such as Apache and ftpd use sendfile. If the file being transmitted is truncated after the transfer has started but before it completes, sendfile(2) will transfer the contents of more or less random portions of kernel memory in lieu of the missing part of the file.

tags | advisory, web, kernel
systems | freebsd
advisories | CVE-2005-0708
SHA-256 | f23b5fbf03b2582e71dc290dd2da453c3f35c25347c573b97a39ab6a5ff37a46
FreeBSD Security Advisory 2004.17
Posted Dec 12, 2004
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:17.procfs - The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed.

tags | advisory
systems | freebsd
advisories | CVE-2004-1066
SHA-256 | 9172f91c6b027b6f7c743ba70a7c8f2026e861b105f1b6f5125ce2249481c20b
FreeBSD Security Advisory 2004.16
Posted Nov 20, 2004
Authored by The FreeBSD Project, Colin Percival | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:16.fetch - The fetch utility suffers from an integer overflow condition in the processing of HTTP headers that can result in a buffer overflow.

tags | advisory, web, overflow
systems | freebsd
SHA-256 | 6a018e23dd8de8d84de9f7d1f8a504a855c7a82a0f3059e216c48ef84a19658a
FreeBSD Security Advisory 2004.15
Posted Oct 13, 2004
Authored by The FreeBSD Project, Christer Oberg | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:15.syscons - The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.

tags | advisory
systems | freebsd
advisories | CVE-2004-0919
SHA-256 | 088af9d9dc40b2a466a18dea6a434c2f0859fe37e3f6919135f3ac37f610c117
Page 4 of 4

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    31 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By