Section: .. / advisories / freebsd /
| /// File Name: |
FreeBSD-SA-02:08.exec |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:08 - A race condition during exec allows local root compromise. A race condition exists in the FreeBSD exec system call implementation. It is possible for a user to attach a debugger to a process while it is exec'ing, but before the kernel has determined that the process is set-user-ID or set-group-ID. All versions of FreeBSD 4.x prior to FreeBSD 4.5-RELEASE are vulnerable to this problem. The problem has been corrected by marking processes that have started.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 8502 | | Last Modified: | Jan 25 08:29:24 2002 |
| MD5 Checksum: | d01d62114dbd97adf1fd167c813cd187 |
|
| /// File Name: |
freebsd.sa-00.01.make |
Description:
|
FreeBSD Security Advisory - The -j option to make uses /tmp in an insecure manner, making it vulnerable to a race condition. All versions of NetBSD and OpenBSD are also believed to be vulnerable to this problem. Other systems using a BSD-derived make(1) binary may also be vulnerable.
| | File Size: | 8477 | | Last Modified: | Jan 22 04:32:58 2000 |
| MD5 Checksum: | 8b703fc1e0f12956fb08838bd0c0e58b |
|
| /// File Name: |
sa97-06 |
Description:
|
Pentium processors have a flaw allowing unprivileged crashes
| | File Size: | 8433 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 8ccf7917db398c89169497b5c4493ea1 |
|
| /// File Name: |
freebsd.sa-97.06.pentium.proc |
Description:
|
Pentium processors have a flaw allowing unprivileged crashes
| | File Size: | 8433 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 8ccf7917db398c89169497b5c4493ea1 |
|
| /// File Name: |
FreeBSD-SA-00:77.procfs |
Description:
|
FreeBSD Security Advisory - Three problems affect the /proc filesystem on FreeBSD. The first allows unprivileged local users to gain superuser privileges due to insufficient access control checks on the /proc//mem and /proc//ctl files, which give access to a process address space and perform various control operations on the process, respectively. The second allows local users to deny service to a machine by mmap()ing a process's own /proc//mem file in the procfs filesystem. The third allows users with superuser privileges on the machine, including users with root privilege in a jail(8) virtual machine, to overflow a buffer in the kernel and bypass access control checks placed on the abilities of the superuser. This allows root users to break out of the jail environment, lower the securelevel, and load modules in kernels where module loading has been disabled.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 8308 | | Last Modified: | Jan 1 06:48:15 2001 |
| MD5 Checksum: | a20dd7da0916f260a090e370ce3de80b |
|
| /// File Name: |
FreeBSD-SA-00:69.telnetd |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:69 - A denial of service attack in telnetd has been found. When changing the TERMCAP environment variable, it can be tricked into searching for termcap entries in any file on the system, taking up CPU resources. A valid account is not required.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 8189 | | Last Modified: | Nov 26 04:22:28 2000 |
| MD5 Checksum: | c041533f5283167eebc39dc3fd3587e8 |
|
| /// File Name: |
sa97-01 |
Description:
|
setlocale() bug in all released versions of FreeBSD
| | File Size: | 8139 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 8801bd1f324c362d25c6b556841b614f |
|
| /// File Name: |
FreeBSD-SA-02:13.openssh |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:13 - OpenSSH v2.0 through v3.0.2p1 contains an exploitable off-by-one error which allows authenticated users to run code on the server as root. A malicious server may be able to cause a connecting ssh client to execute arbitrary code with the privileges of the client user.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 8053 | | Last Modified: | Mar 8 04:51:05 2002 |
| MD5 Checksum: | 746cb37b1db4bf4ece58a21c0fb90970 |
|
| /// File Name: |
FreeBSD-SN-02:02 |
Description:
|
FreeBSD Security Notice for Ports - The following software included with FreeBSD contains security vulnerabilities if it is older than: analog-5.22, radius (several), dnews-5.5h2, ethereal-0.9.3, icecast-1.3.12, dhcp-3.0.1.r8_1, mozilla-1.0.rc1_3,1, mod_python-2.7.8, ntop, p5-SOAP-Lite-0.55, puf-0.93.1, sudo-1.6.6, webalizer-2.1.10, and xpilot-4.5.2.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 8008 | | Last Modified: | May 14 07:42:18 2002 |
| MD5 Checksum: | 8f7bc25e41354117df1d83f96e1f31f3 |
|
| /// File Name: |
FreeBSD-SA-02:40.kadmind |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:40 - The Kerberos administrative servers, kadmind and k5admind contain stack overflows that allow remote code execution as root from non-authenticated attackers. According to the MIT security team, there is evidence that this bug is being actively exploited.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 7901 | | Last Modified: | Nov 13 09:30:32 2002 |
| MD5 Checksum: | af0135f35ca1b09af7acfeb50a9bd61c |
|
| /// File Name: |
sa96-15 |
Description:
|
security compromise from ppp
| | File Size: | 7868 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 98f3a6790f1ef8c14de7408a370a8efa |
|
| /// File Name: |
FreeBSD-SA-01:55.procfs |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:55 - The FreeBSD procfs can leak the memory of protected programs, including password hashes. The procfs code checks for gid kmem privilege when granting access to the /proc//mem file - however, the code which is used to allow read-only access via the kmem group was incorrect, and inappropriately granted read access to the caller as long as they already had an open file descriptor for the procfs mem file. All released versions of FreeBSD 4.x including FreeBSD 4.3-RELEASE are vulnerable to this problem if the procfs filesystem is in use.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 7787 | | Last Modified: | Aug 22 05:46:03 2001 |
| MD5 Checksum: | acb8dc544a433d11c51b06b9e807bbda |
|
| /// File Name: |
freebsd.sa-97.05.open |
Description:
|
security compromise via open()
| | File Size: | 7533 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | eaf7b191049a4b83413533075cccab49 |
|
| /// File Name: |
freebsd.sa-99.01.file_flags |
Description:
|
BSD File Flags and Programming Techniques
| | File Size: | 7456 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 28814b3b50879186b5bc973dc5428991 |
|
| /// File Name: |
FreeBSD-SA-06-14.fpu.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-06:14.fpu - FPU information disclosure: On affected processors, a local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 7267 | | Last Modified: | Apr 26 09:04:19 2006 |
| MD5 Checksum: | d416397c0cde6ec1455f60ec239ed5c6 |
|
| /// File Name: |
FreeBSD-SN-02:04.apache |
Description:
|
FreeBSD Security Notice FreeBSD-SN-02:04 - FreeBSD ports of apache 1.3.24 and below contain a remote vulnerability. Also affects apache+ssl, mod_ssl, and apache 2.x below 2.0.39. Vulnerability number CAN-2002-0392. The following software included with FreeBSD contains security vulnerabilities if it is older than: Bind9 v9.2.1, courier-imap-1.4.3_1, ethereal-0.9.4, fakebo-0.4.1_1, fragroute-1.2_1, ghostscript-6.53, icmpmonitor-1.11_1, imap-uw (all versions), mnews (all versions), nn-6.6.2_1, sharity-light-1.2_1, slurp-1.10_1, and xchat-1.8.9.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 7224 | | Last Modified: | Jun 20 10:37:12 2002 |
| MD5 Checksum: | 72ba3d776419c0e874d4eccfcfcf4941 |
|
| /// File Name: |
FreeBSD-SA-01_52.fragment |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:52 - Remote users may be able to prevent a FreeBSD system from communicating with other systems on the network by transmitting large numbers of fragmented IPv4 datagrams. For the attack to be effective, the attacker must have a high-bandwidth connection to the target system. IP datagram fragments destined to the target system will be queued for 30 seconds, to allow fragmented datagrams to be reassembled. There was no upper limit in the number of reassembly queues. Therefore, a malicious party may be able to transmit a lot of bogus fragmented datagrams (with different IPv4 identification field) and cause the target system to exhaust its mbuf pool, preventing further network traffic processing or generation while the starvation condition continues.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 7204 | | Last Modified: | Aug 11 11:05:24 2001 |
| MD5 Checksum: | 19f7d5279c35e7d48521319f37def0e3 |
|
| /// File Name: |
freebsd.sa-98.04.mmap |
Description:
|
security compromise via mmap
| | File Size: | 7105 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 58c42eb6ece971d93b135a6512e001db |
|
| /// File Name: |
FreeBSD-SA-03:01.cvs.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-03:01 - It has been found that the CVS server can be tricked to free memory more than once, which can be used for remote code execution. Additionally, the CVS server allowed clients with write access to specify arbitrary commands to execute as part of an update (update-prog) or commit (checkin-prog). This behavior has been restricted. This affects all FreeBSD versions prior to 4.6-RELEASE-p7, 4.7-RELEASE-p4 and 5.0-RELEASE-p1.
| | Homepage: | http://www.freebsd.org | | File Size: | 7074 | | Last Modified: | Feb 5 11:55:37 2003 |
| MD5 Checksum: | ccd2161dff5274f9b0a3ec177c73b23e |
|
| /// File Name: |
FreeBSD-SA-01:08.ipfw |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 6922 | | Last Modified: | Feb 12 04:07:03 2001 |
| MD5 Checksum: | f4eb00e56e7849cc7ce25e59538b4166 |
|
| /// File Name: |
FreeBSD-SA-02:07.k5su |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:07 - The k5su command included with FreeBSD, versions prior to 4.5-RELEASE, and the su command included in the heimdal port, versions prior to heimdal-0.4e_2, use the getlogin system call in order to determine whether the currently logged-in user is `root'. In some circumstances, it is possible for a non-privileged process to have `root' as the login name returned by getlogin. You don't actually want that to happen, trust us.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 6838 | | Last Modified: | Jan 19 06:02:51 2002 |
| MD5 Checksum: | 208b22a679028eed6a4f847a57e20216 |
|
| /// File Name: |
FreeBSD-SA-02:18.zlib |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:18 - A programming error in zlib may cause segments of dynamically allocated memory to be released more than once (double-freed), allowing attackers to send specially crafted data to applications that use zlib, crashing the application.
| | Homepage: | http://www.freebsd.org | | File Size: | 6676 | | Last Modified: | Apr 25 09:14:36 2002 |
| MD5 Checksum: | f9a566d99804698e4e9e3c6101ca7f87 |
|
| /// File Name: |
freebsd.sa-00.02.procfs |
Description:
|
FreeBSD Security Advisory - Old procfs hole incompletely filled. In 1997 a flaw was discovered in *BSD procfs code involving /proc/pid/mem interface, leading to a local root compromise. Since then *BSD kernels contained a simple fix which was meant to close this hole. Unfortunately, throughout these three years it was still possible to abuse /proc/pid/mem in a similar, though more complicated fashion, which could lead to local root compromise. FreeBSD security site here.
| | File Size: | 6650 | | Last Modified: | Jan 29 00:09:24 2000 |
| MD5 Checksum: | 866572f4f87725889eb53e1c2bf83084 |
|
| /// File Name: |
FreeBSD-SA-00:36.ntop |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:36 - The ntop software is written in a very insecure style, with many potentially exploitable buffer overflows (including several demonstrated ones) which could in certain conditions allow the local or remote user to execute arbitrary code on the local system with increased privileges.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 6624 | | Last Modified: | Aug 15 05:26:42 2000 |
| MD5 Checksum: | 48d403c9f5188212026ee6f08d289224 |
|