Section: .. / advisories / freebsd /
| /// File Name: |
FreeBSD-SA-01:36.samba |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:36.samba - The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0, contain /tmp races that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world writable permission allowing any user to enter their own data.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4417 | | Last Modified: | Apr 25 02:56:17 2001 |
| MD5 Checksum: | 6e3ceef276318afeaf178ec18d0d80b2 |
|
| /// File Name: |
FreeBSD-SA-01:21.ja-elvis |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4415 | | Last Modified: | Feb 12 04:17:11 2001 |
| MD5 Checksum: | 68f456f494bb526ce9563ae482002eea |
|
| /// File Name: |
FreeBSD-SA-00:27.XFree86-4 |
Description:
|
FreeBSD-SA-00:27 - XFree86 4.0 contains a local root vulnerability in the XFree86 server binary, due to incorrect bounds checking of command-line arguments. The server binary is setuid root, in contrast to previous versions which had a small setuid wrapper which performed (among other things) argument sanitizing.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4405 | | Last Modified: | Jul 6 03:21:40 2000 |
| MD5 Checksum: | 5150a2fda32981c2badd01d1938b9a78 |
|
| /// File Name: |
sa96-13 |
Description:
|
unauthorized mail reading via comsat
| | File Size: | 4401 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 701630c5daa2776d73734bbaef109cd7 |
|
| /// File Name: |
FreeBSD-SA-00:64.global |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:64 - The global port, versions 3.5 through to 3.55, contains a vulnerability in the CGI script generated by the htags utility which allows a remote attacker to execute code on the local system as the user running the script, typically user nobody.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4401 | | Last Modified: | Nov 7 06:30:31 2000 |
| MD5 Checksum: | f5a7cf85e7461bed79930ecb37bb0a9e |
|
| /// File Name: |
sa97-03 |
Description:
|
sysinstall bug
| | File Size: | 4399 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | 8decfe475bbcefd92b46410e5ba538da |
|
| /// File Name: |
FreeBSD-SA-00:18.gnapster |
Description:
|
FreeBSD Security Advisory SA-00:18 - The gnapster port (version 1.3.8 and earlier), and the knapster port (version 0.9 and earlier) contain a vulnerability which allows remote napster users to view any file on the local system which is accessible to the user running gnapster/knapster.
| | Homepage: | http://www.freebsd.org | | File Size: | 4375 | | Last Modified: | May 18 11:53:32 2000 |
| MD5 Checksum: | cad7637000608b796d833b69beb65902 |
|
| /// File Name: |
FreeBSD-SA-01:67.htdig |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:67 - Htsearch, part of the htdig port, contains remote denial of service vulnerabilities. It also can allow files on the webserver to be written, but only if the attacker can anon-ftp in files. Version 3.1.5 and below are affected.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4361 | | Last Modified: | Dec 18 06:25:23 2001 |
| MD5 Checksum: | 3c85314147ec36ddaf394d086181b406 |
|
| /// File Name: |
FreeBSD-SA-00:61.tcpdump |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:61 - Several overflowable buffers were discovered in the version of tcpdump included in FreeBSD, including one in the decoding of AFS ACL packets in the more recent version of tcpdump (v 3.5) which allows a a remote attacker to execute arbitrary code on the local system as root.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4353 | | Last Modified: | Nov 7 06:26:56 2000 |
| MD5 Checksum: | 52932ef1727c595062d61e641ebe30bc |
|
| /// File Name: |
FreeBSD-SA-01:68.xsane |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:68 - The XSane port has insecure temp file vulnerabilities allowing local users to overwrite files by exploiting a race condition.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4351 | | Last Modified: | Dec 18 06:26:58 2001 |
| MD5 Checksum: | b0f9ada2ed840a9a9450d48283d459a7 |
|
| /// File Name: |
FreeBSD-SA-01:16.mysql |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:16 - The mysql323-server port, versions prior to 3.23.22, and all mysql322-server ports contain remote vulnerabilities. Due to a buffer overflow, a malicious remote user can access to all databases and have the ability to leverage other local attacks as the mysqld user.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4339 | | Last Modified: | Feb 1 01:49:18 2001 |
| MD5 Checksum: | 2d1285973a3e43c402f9c0272c2f2d5f |
|
| /// File Name: |
FreeBSD-SA-00:47.pine |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:47 - The pine4 port, versions 4.21 and before, contained a bug which would cause the program to crash when processing a folder which contains an email message with a malformed X-Keywords header. The message itself could be deleted within pine if identified, but other operations such as closing the folder with the message still present would cause the program to crash with no apparent cause.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4326 | | Last Modified: | Sep 14 00:48:33 2000 |
| MD5 Checksum: | 7f1152a7dca9e542570ffdc0b188d1cf |
|
| /// File Name: |
FreeBSD-SA-01_45.samba |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01_45 - The samba ports, versions prior to samba-2.0.10, samba-devel-2.2.0a, and ja-samba-2.0.9.j1.0_1, fail to properly validate NetBIOS names. Sending a specially crafted NetBIOS name containing unix path characters, a remote user may be able to cause the samba server to write the log files to arbitrary locations on the local filesystems.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4291 | | Last Modified: | Aug 11 10:50:12 2001 |
| MD5 Checksum: | 1e2742b83fabe7fcb3f3b8695342c429 |
|
| /// File Name: |
sa96-03 |
Description:
|
*suggested action only* sendmail smrsh now available
| | File Size: | 4286 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | d475715f64b1ee8a981045e2a6798d41 |
|
| /// File Name: |
FreeBSD-SA-00:59.pine |
Description:
|
FreeBSD Security Advisory - The pine4 port, versions 4.21 and before, contains a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by the sending of a special-crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4266 | | Last Modified: | Oct 31 08:41:35 2000 |
| MD5 Checksum: | 5863963316b7c02276c9cae2c0ee630b |
|
| /// File Name: |
FreeBSD-SA-02:32.pppd |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:32 - The pppd program shipped with all releases of FreeBSD up to and including 4.6.1-RELEASE-p1 contains a race condition which can be exploited by local users to change the permissions of any file.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4264 | | Last Modified: | Aug 1 20:03:45 2002 |
| MD5 Checksum: | fafb4b1e3f054b1759834dcd4c512dd5 |
|
| /// File Name: |
sa96-10 |
Description:
|
system stability compromise via mount_union program
| | File Size: | 4259 | | Last Modified: | Sep 23 05:52:22 1999 |
| MD5 Checksum: | d9c01b0e5700019d2835d5565f9b1c62 |
|
| /// File Name: |
FreeBSD-SA-01:04.joe |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:04.joe - The joe port, versions prior to 2.8_2, contains a local temp file bug if it exits abnormally.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4256 | | Last Modified: | Jan 17 07:43:59 2001 |
| MD5 Checksum: | abe6f14221438537d7144779e2282d89 |
|
| /// File Name: |
FreeBSD-SA-00:14.imap-uw |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:14 - imap-uw contains security vulnerabilities for "closed" mail servers. There are numerous buffer overflows available to an imap user after they have successfully logged into their mail account. Thus, the vulnerability is only relevant on a "closed" mail server, i.e. one which does not normally allow interactive logins by mail users.
| | Homepage: | http://www.freebsd.org | | File Size: | 4242 | | Last Modified: | Apr 25 19:30:15 2000 |
| MD5 Checksum: | a4690203293f3e292bf0241444c792e8 |
|
| /// File Name: |
FreeBSD-SA-02:38.signed-error |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:38 - Several FreeBSD system calls can be called with large negative arguments, causing the kernel to return a large portion of kernel memory. Such memory often contains sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. Terminal buffers often include user entered passwords.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4227 | | Last Modified: | Aug 20 08:41:19 2002 |
| MD5 Checksum: | 8f1b399750ad1732b5f59c91357c32e9 |
|
| /// File Name: |
FreeBSD-SA-00:60.boa |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:60 - The boa port, versions after 0.92 but prior to 0.94.8.3, contains a vulnerability which allows remote users to view arbitrary files outside the document root, because it did not correctly restrict URL-encoded requests containing ".." in the path. In addition, if CGI support is enabled, a request for any file ending in .cgi will result in the file being executed with the privileges of the user id running the web server, allowing untrusted binary execution.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4213 | | Last Modified: | Oct 31 08:53:20 2000 |
| MD5 Checksum: | 00ea3bdd3b34ba4f6137a3d8831839bc |
|
| /// File Name: |
FreeBSD-SA-02:15.cyrus-sasl |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:15 - The port of the cyrus-sasl library prior to v1.5.24_8 contains a format string overflow in the syslog() call. Applications linked to that library could be affected.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4205 | | Last Modified: | Mar 13 05:56:18 2002 |
| MD5 Checksum: | 470549b2b966b41f4e916916e7b2e42b |
|
| /// File Name: |
FreeBSD-SA-00:26.popper |
Description:
|
FreeBSD-SA-00:26 - The popper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local user which can cause arbitrary code to be executed on the server when a POP client retrieves the message using the UIDL command. The code is executed as the user who is retrieving mail: thus if root reads email via POP3 this can lead to a root compromise.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4202 | | Last Modified: | Jul 13 00:51:47 2000 |
| MD5 Checksum: | b0261aeb3ace81e12dcc09fd5286ec18 |
|
| /// File Name: |
FreeBSD-SA-01:61.squid |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:61 - If the squid proxy port is configured in acceleration-only mode, ACL's are ignored, allowing a remote attacker to use the squid server in order to issue requests to hosts that are otherwise inaccessible. Because the squid server processes these requests as HTTP requests, the attacker cannot send or retrieve arbitrary data. However, the attacker could use squid's response to determine if a particular port is open on a victim host. Therefore, the squid server may be used to conduct a port scan.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4201 | | Last Modified: | Oct 11 06:22:33 2001 |
| MD5 Checksum: | 3a5eadce78ebd78879fe27fb8d2f1278 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
