seeing is believing
Showing 1 - 25 of 100 RSS Feed

Files

FreeBSD 8.1 / 7.3 vm.pmap Kernel Race Condition
Posted Sep 9, 2010
Authored by Maksymilian Arciemowicz

FreeBSD versions 7.3 and 8.1 suffer from a vm.pmap kernel local race condition denial of service vulnerability.

tags | exploit, denial of service, kernel, local
systems | freebsd
MD5 | 1b199d7aac81714fd93982f73df8a96d

Related Files

Secunia Security Advisory 50189
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IOActive has discovered a vulnerability in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | freebsd
MD5 | 32a45c41ea7a1acf54504e4db086874b
FreeBSD Security Advisory - named Denial Of Service
Posted Aug 8, 2012
Authored by Einar Lonn | Site security.freebsd.org

FreeBSD Security Advisory - BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. A remote attacker that is able to generate high volume of DNSSEC validation enabled queries can trigger the assertion failure that causes it to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2012-3817
MD5 | 0ef228d154a335e008640bab911b82dd
Secunia Security Advisory 50177
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | freebsd
MD5 | 7e87b1c227cfde3b6a9abcba5c33e4c3
FreeBSD Kernel SCTP Denial Of Service
Posted Aug 3, 2012
Authored by Shaun Colley

The SCTP implementation used by FreeBSD ("reference implementation") is vulnerable to a remote NULL pointer dereference in kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. if the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of redefining it after finding the association. However, if the specified vtag is not found, the function returns and the ptr is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro when flow returns to sctp_process_control(). This is a proof of concept denial of service exploit.

tags | exploit, remote, denial of service, kernel, proof of concept
systems | freebsd
MD5 | 05cc888759970d3a27b3dd8dfef71014
Debian Security Advisory 2508-1
Posted Jul 23, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2508-1 - Rafal Wojtczuk from Bromium discovered that FreeBSD wasn't handling correctly uncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation to kernel for local users.

tags | advisory, kernel, local
systems | linux, freebsd, debian
advisories | CVE-2012-0217
MD5 | 8a6f7c22e18fe0913aca5494b2f79a20
Secunia Security Advisory 49985
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for kfreebsd-8. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, debian
MD5 | b22ad68bbb74592aae730de5706c654d
UK CPNI IPv6 Toolkit 1.1
Posted Jul 6, 2012
Authored by Fernando Gont

This toolkit house various IPv6 tool that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 8.2, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10.

tags | tool, scanner
systems | linux, netbsd, unix, freebsd, openbsd, debian, ubuntu
MD5 | 462267262837e1e1eeaef194da4cad1c
strongSwan IPsec Implementation 5.0.0
Posted Jul 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The IKEv1 protocol was re-implemented from scratch by extending the successful IKEv2 code. The charon keying daemon now supports both protocols, which allowed the old IKEv1 pluto daemon to be removed. Support for the IKEv1 Aggressive and Hybrid Modes has been added.
tags | tool, encryption, protocol
systems | linux, freebsd, apple, osx
MD5 | 1d7bccb50f01020bb04d06e9755e0eec
Secunia Security Advisory 49549
Posted Jun 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | freebsd
MD5 | 1e7a2cb39b52db5e6bdf77172d60b097
Secunia Security Advisory 49518
Posted Jun 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | freebsd
MD5 | bcade23a3e63763ce245f861ef6eeab5
FreeBSD Security Advisory - Kernel Privilege Escalation
Posted Jun 12, 2012
Authored by Rafal Wojtczuk, John Baldwin | Site security.freebsd.org

FreeBSD Security Advisory - The FreeBSD operating system implements a rings model of security, where privileged operations are done in the kernel, and most applications request access to these operations by making a system call, which puts the CPU into the required privilege level and passes control to the kernel. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash.

tags | advisory, kernel, local
systems | freebsd
advisories | CVE-2012-0217
MD5 | 56d3bf6b6e660c92e8067bdb14796166
FreeBSD Security Advisory - BIND 9 Incorrect Handling
Posted Jun 12, 2012
Authored by Dan Luther, Jeffrey A. Spain | Site security.freebsd.org

FreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2012-1667
MD5 | 1675828df069117e998188dd43be8f3b
Secunia Security Advisory 49304
Posted May 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in FreeBSD, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory
systems | freebsd
MD5 | 2a1cb47b48761380ed739034edf4b343
FreeBSD Security Advisory - Incorrect crypt() Hashing
Posted May 30, 2012
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

tags | advisory
systems | freebsd
advisories | CVE-2012-2143
MD5 | e4d4e2b2811a3cf4254d7ba2637b5c40
Secunia Security Advisory 49077
Posted May 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - FreeBSD has issued an update for OpenSSL. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | freebsd
MD5 | f039eba3939c25ae5c686e471af56427
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
MD5 | 7bb6fa53ebc04c577e47228a696aaba5
strongSwan IPsec Implementation 4.6.3
Posted May 3, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: An extended EAP-RADIUS interfaces allows one to enforce Session-Timeout attributes using RFC4478 repeated authentication, and acts upon RADIUS Dynamic Authorization extensions (RFC 5176). Currently supported are disconnect requests and CoA messages containing a Session-Timeout. The tnc-pdp plugin implements a RADIUS server interface allowing a strongSwan TNC server to act as a Policy Decision Point.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
MD5 | 2a1b0bca846a966a56f662f855ced9fb
strongSwan IPsec Implementation 4.6.2
Posted Feb 22, 2012
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: The Trusted Computing Group Attestation Platform Trust Service (PTS) protocol was implemented. TPM-based remote attestation of Linux IMA (Integrity Measurement Architecture) is now possible. Measurement reference values are automatically stored in a SQLite database. A RADIUS accounting interface was provided along with support for PKCS#8 encoded private keys.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
MD5 | b25956639dcd31137e4ec6372376fcc2
FreeBSD telnetd Remote Root
Posted Jan 16, 2012
Authored by knull | Site leethack.info

This python script tests for the remote root vulnerability in encryption support for telnetd on FreeBSD systems.

tags | exploit, remote, root, python
systems | freebsd
advisories | CVE-2011-4862
MD5 | 9336a7d20f740a0088cc23c558102714
FreeBSD based telnetd encrypt_key_id brute force
Posted Jan 11, 2012
Site metasploit.com

This Metasploit module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service.

tags | exploit, overflow
systems | freebsd
advisories | CVE-2011-4862, OSVDB-78020
MD5 | 46f07bef598df5bb1112060900d918ee
FreeBSD Security Advisory - pam_start() Improper Validation
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
systems | freebsd
advisories | CVE-2011-4122
MD5 | caa126cad91f718487fa321f42006890
FreeBSD Security Advisory - pam_ssh Improper Access Grant
Posted Dec 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase. If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys.

tags | advisory
systems | freebsd
MD5 | 21b2c3939bdfec2873616135f939d843
FreeBSD Telnet Service Encyption Key ID Buffer Overflow
Posted Dec 28, 2011
Site metasploit.com

This Metasploit module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service.

tags | exploit, overflow
systems | freebsd
advisories | CVE-2011-4862
MD5 | d09b6881028c58649a318f37ded124a5
FreeBSD Security Advisory - telnetd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser).

tags | advisory, arbitrary, root, protocol
systems | freebsd
advisories | CVE-2011-4862
MD5 | 3f3e697e2ae19d73a5dbaaa61c9f7128
FreeBSD Security Advisory - Chrooted ftpd Code Execution
Posted Dec 27, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API.

tags | advisory
systems | freebsd
MD5 | 07e28abb4e87d4c9ebb11746c5dc884f
Page 1 of 4
Back1234Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close