
Files

FreeBSD Local Denial Of Service
Posted Jan 28, 2011
Authored by Kingcope

FreeBSD local denial of service exploit that causes a forced reboot.

tags | exploit, denial of service, local
systems | freebsd
SHA-256 | 74e9ff916c830d783aa31aad9f51279b50bb6492d981404c7bf0b44fa6c5ff54

Related Files

FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation
Posted Aug 18, 2022
Authored by Chris J-D | Site accessvector.net

FreeBSD versions 11.0 through 13.0 suffer from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.

tags | exploit, paper, kernel, local
systems | freebsd, bsd
advisories | CVE-2022-23090
SHA-256 | 326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
FreeBSD Update On Spectre / Meltdown Patching
Posted Jan 9, 2018
Authored by Gordon Tetlow

This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.

tags | advisory
systems | freebsd, bsd
advisories | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
SHA-256 | 6ca4e042704f1c11c5f3b11989e130de889f46523779b326d9cbaf056da654ca
FreeBSD setrlimit Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD setrlimit stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1085
SHA-256 | 55fb8566c8dcae52540b3d92f7a1228604de1093d9d64e40a1cebbbe5ec1f611
FreeBSD FGPE Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD FGPE stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1084
SHA-256 | 2dddaf6810e24694581a3d0559ab7f60f9bdef61855acef6f9cdc6c393b35315
FreeBSD FGPU Stack Clash Proof Of Concept
Posted Jun 29, 2017
Site qualys.com

FreeBSD FGPU stack clash proof of concept exploit.

tags | exploit, proof of concept
systems | freebsd, bsd
advisories | CVE-2017-1084
SHA-256 | fa4055aa1f668bb096eafa433dace0e75f81c48fefa47f2d5271474380116c6b
FreeBSD mbufs() Sendfile Cache Poisoning Exploit
Posted Aug 19, 2010
Authored by Kingcope

FreeBSD mbufs() sendfile cache poisoning local privilege escalation exploit that throws a setuid shell in /tmp. Works on 7.x and 8.x builds prior to 12Jul2010.

tags | exploit, shell, local
systems | freebsd
SHA-256 | 52de447adb0cf2da2d0293e293c0bb572852ec6114e07299e2dfc735fc81b5ce
freebsd-passwd.txt
Posted Sep 10, 2008
Authored by suN8Hclf | Site dark-coders.pl

112 byte connect back.send.exit /etc/passwd shellcode for freebsd/x86.

tags | x86, shellcode
systems | freebsd
SHA-256 | 2a9e2dbe79087eeea63c69f7234f0b2c4331c511246dc7eb688bdbeb4f82ae76
freebsd-revcon.txt
Posted Sep 5, 2008
Authored by sm4x

90 byte rev connect, recv, jmp, return results shellcode for freebsd/x86.

tags | x86, shellcode
systems | freebsd
SHA-256 | de490e98a88f7b49dff7f3980d441bd35d41b81ed25838e1932e19ea8e9dabdf
freebsd-master.txt
Posted Aug 26, 2008
Authored by sm4x

65 byte NULL free /bin/cat /etc/master.passwd shellcode for freebsd/x86.

tags | x86, shellcode
systems | freebsd
SHA-256 | bf75fbba65f9c2d9805dac05cb9b181b3ddf504b414102d4ab8ea326f74b262d
freebsd-reverse.txt
Posted Aug 22, 2008
Authored by sm4x

89 byte /bin/sh reverse portbind FreeBSD/x86 shellcode.

tags | x86, shellcode
systems | freebsd
SHA-256 | 0a238804877bad73cf1b4557abc7680cc941f298ece195636d9753a3010c5ca6
freebsd-firewire.txt
Posted Nov 16, 2006
Authored by Rodrigo Rubira Branco | Site kernelhacking.com

The Firewire device enabled by default in the GENERIC kernel for FreeBSD defines an IOCTL function which can be maliciously called with a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug; the system can be compromised by local users, and important system information can be disclosed.

tags | advisory, kernel, local
systems | freebsd
SHA-256 | 82423b755e39255304cd291c2c1e57430c3c394fcfe1bff6e87af69b61b6bb54
freebsd-ftruncate-dos.c
Posted Oct 18, 2006
Authored by Knud Erik Hojgaard

FreeBSD ftruncate() DoS exploit. Causes system reboot.

tags | exploit
systems | freebsd
SHA-256 | d95dd783029e8b621927a0eaedae18fe266fbfc1532f3764ac0ae810567a9229
freebsd-ptrace-dos.c
Posted Oct 17, 2006
Authored by Knud Erik Hojgaard

FreeBSD 5.4 and 6.0 ptrace DoS exploit.

tags | exploit
systems | freebsd
SHA-256 | c8e8152518cb4731fedaa7dfdfdc1ac3fba3471053b6dd67d6f9611d95fb62a2
FreeBSD-SA-01_52.fragment
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:52 - Remote users may be able to prevent a FreeBSD system from communicating with other systems on the network by transmitting large numbers of fragmented IPv4 datagrams. For the attack to be effective, the attacker must have a high-bandwidth connection to the target system. IP datagram fragments destined to the target system will be queued for 30 seconds, to allow fragmented datagrams to be reassembled. There was no upper limit on the number of reassembly queues. Therefore, a malicious party may be able to transmit a lot of bogus fragmented datagrams (with different IPv4 identification fields) and cause the target system to exhaust its mbuf pool, preventing further network traffic processing or generation while the starvation condition continues.

tags | remote
systems | freebsd
SHA-256 | 2972addf4a608d78056fb160604edc584e28bdaa94b04465877d6a8a8703c371
FreeBSD-SA-01_50.windowmaker
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01_50 - The windowmaker ports, versions prior to windowmaker-0.65.0_2 and windowmaker-i18n-0.65.0_1, contain a potentially exploitable buffer overflow when displaying a very long window title in the window list menu. Since programs such as web browsers will include the contents of a webpage's title tag in window titles, this problem may allow authors of malicious webpages to cause windowmaker to crash and potentially execute arbitrary code as the user running windowmaker.

tags | web, overflow, arbitrary
systems | freebsd
SHA-256 | f5f9cbaff9ebb65ced3a13b3c86bdd040d1610658fabba9d5dff8d9042bfe8e7
FreeBSD-SA-01_49.telnetd.v1.1
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:49 - An overflowable buffer was found in the version of telnetd included with FreeBSD. Due to incorrect bounds checking of data buffered for output to the remote client, an attacker can cause the telnetd process to overflow the buffer and crash, or execute arbitrary code as the user running telnetd, usually root. A valid user account and password is not required to exploit this vulnerability, only the ability to connect to a telnetd server. The telnetd service is enabled by default on all FreeBSD installations if the 'high' security setting is not selected at install-time. This vulnerability is known to be exploitable, and is being actively exploited in the wild. All released versions of FreeBSD prior to the correction date including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this problem.

tags | remote, overflow, arbitrary, root
systems | freebsd
SHA-256 | 9c1445cec7a0d6ec09dada59a4d65d65632fc6cb6348d8ffeb707e4260bb06b7
FreeBSD-SA-01_48.tcpdump
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:48 - An overflowable buffer was found in the version of tcpdump included with FreeBSD 4.x. Due to incorrect string length handling in the decoding of AFS RPC packets, a remote user may be able to overflow a buffer causing the local tcpdump process to crash. In addition, it may be possible to execute arbitrary code with the privileges of the user running tcpdump, often root.

tags | remote, overflow, arbitrary, local, root
systems | freebsd
SHA-256 | 9a822bec0fcd7051f39647d8d5f8c4fdefd0fa597a5a930cbfe8581b2738de6f
FreeBSD-SA-01_47.xinetd
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:47 - The xinetd port, versions prior to xinetd-2.3.0, contains a potentially exploitable buffer overflow in the logging routines. If xinetd is configured to log the userid of remote clients obtained via the RFC1413 ident service, a remote user may be able to cause xinetd to crash by returning a specially-crafted ident response. This may also potentially execute arbitrary code as the user running xinetd, normally root.

tags | remote, overflow, arbitrary, root
systems | freebsd
SHA-256 | eccfcea8d2ee4eab56c39fb1af4bb79cb8e037169f4831c3514d687c16af83b4
FreeBSD-SA-01_46.w3m
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:46 - The w3m port, versions prior to w3m-0.2.1_1, contains a buffer overflow in the parsing of MIME headers. A malicious server which is visited by a user with the w3m browser can exploit the browser security holes in order to execute arbitrary code on the local machine as the local user.

tags | overflow, arbitrary, local
systems | freebsd
SHA-256 | e0a43372bad9d7749bdcf363380729a9a5451d15ef8149646d3b8984982832b2
FreeBSD-SA-01_45.samba
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01_45 - The samba ports, versions prior to samba-2.0.10, samba-devel-2.2.0a, and ja-samba-2.0.9.j1.0_1, fail to properly validate NetBIOS names. By sending a specially crafted NetBIOS name containing unix path characters, a remote user may be able to cause the samba server to write the log files to arbitrary locations on the local filesystems.

tags | remote, arbitrary, local
systems | unix, freebsd
SHA-256 | c3e99512614ab0dff34a38b9cfb9ed1f616023df53de84a83f02728b336d9ec3
FreeBSD-SA-01_44.gnupg
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:44 - The gnupg port, versions prior to gnupg-1.0.6, contains a format string vulnerability. If gnupg attempts to decrypt a file whose filename does not end in '.gpg', the filename is copied to the prompt string, allowing a user-supplied format string. This may allow a malicious user to cause arbitrary code to be executed as the user running gnupg.

tags | arbitrary
systems | freebsd
SHA-256 | 30fcf073612ca484650733359c5dc934eb0bca1ab927c014077ef1b77b09da2f
FreeBSD-SA-01_43.fetchmail
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:43 - The fetchmail port, versions prior to fetchmail-5.8.6, contains a potentially exploitable buffer overflow when rewriting headers longer than 512 bytes. This problem may allow remote users to cause fetchmail to crash and potentially execute arbitrary code as the user running fetchmail.

tags | remote, overflow, arbitrary
systems | freebsd
SHA-256 | 0ce42eb29df0ee11755da8eb304904f95adb31e6e6856b57c3c372a659305744
FreeBSD-SA-01_42.signal.v1.1.asc
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:42 - A flaw exists in FreeBSD signal handler clearing that would allow some signal handlers to remain in effect after the exec. Most of the signals were cleared, but some signal handlers were not. This allowed an attacker to execute arbitrary code in the context of a setuid binary. All versions of 4.x prior to the correction date, including 4.3-RELEASE, are vulnerable to this problem.

tags | arbitrary
systems | freebsd
SHA-256 | e5355fe831c6a5d26c53474d7ecbf52ae5441d2812933d8a8e46f1f1e1730760
FreeBSD-SA-01_41.hanterm
Posted Aug 11, 2001
Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:41 - The hanterm binary is installed with setuid root permissions, but contains insecure code which allows unprivileged local users to obtain root access on the local system.

tags | local, root
systems | freebsd
SHA-256 | 61c26ff5be9c094bd4598f02b374f1f3a82a7d93409d3b8d57c3e0d82b1d810c
FreeBSD Security Advisory 2001.1
Posted Jan 17, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:01.openssh - OpenSSH clients still allow X11 / Agent forwarding even if it is disabled, allowing hostile SSH servers to access your X11 display or your ssh-agent when you connect to them.

systems | freebsd
SHA-256 | e3c07c256493482277a2b91f16fa873dd1a3572e056cf3a6c3f8522e67ea340f