.:[ packet storm ]:.
                             
the one stop shop


 ///  File Name: FreeBSD-SA-01:22.dc20ctrl
Description:
FreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
Homepage:http://www.freebsd.org/security
File Size:4198
Last Modified:Feb 12 04:19:30 2001
MD5 Checksum:6bc1b49462b8556170a81e7cef7db5f1

 ///  File Name: FreeBSD-SA-02:14.pam-pgsql
Description:
FreeBSD Security Advisory FreeBSD-SA-02:14.pam-pgsql - The pam-pgsql port prior to v0.5.2 contains a vulnerability which allows remote users to cause arbitrary SQL code to be executed because the username and password given are inserted into a SQL statement with no safety checks.
Homepage:http://www.freebsd.org/security
File Size:4187
Last Modified:Mar 13 05:51:27 2002
MD5 Checksum:d799efbff811756eaeb6c76595102e41

 ///  File Name: FreeBSD-SA-02:03.mod_auth_pgsq
Description:
FreeBSD Security Advisory FreeBSD-SA-02:03 - The mod_auth_pgsql port, versions prior to mod_auth_pgsql-0.9.9, contains a vulnerability that may allow a remote user to cause arbitrary SQL code to be executed. mod_auth_pgsql constructs a SQL statement to be executed by the PostgreSQL server in order to look up user information. The username given by the remote user is inserted into the SQL statement without any quoting or other safety checks.
Homepage:http://www.freebsd.org/security
File Size:4182
Last Modified:Jan 8 07:28:05 2002
MD5 Checksum:87cc1c8e36c4f927313ce7af08cd8e10

 ///  File Name: FreeBSD-SA-01:33.ftpd-glob
Description:
FreeBSD Security Advisory FreeBSD-SA-01:33 - The glob() function contains buffer overflows that are exploitable through the FTP daemon. If a directory with a name of a certain length is present, a remote user specifying a pathname using globbing characters may cause arbitrary code to be executed on the FTP server as the user running ftpd, usually root. Additionally, when given a path containing numerous globbing characters, the glob() function may consume significant system resources when expanding the path. This can be controlled by setting user limits via /etc/login.conf and setting limits on globbing expansion.
Homepage:http://www.freebsd.org/security
File Size:4158
Last Modified:Apr 24 03:38:53 2001
MD5 Checksum:a453b49a4b62f9680a258521bb5f9eb1

 ///  File Name: FreeBSD-SA-02:01.pkg_add
Description:
FreeBSD Security Advisory FreeBSD-SA-02:01 - Pkg_add allows local attackers to modify the package contents and potentially elevate privileges or otherwise compromise the system.
Homepage:http://www.freebsd.org/security
File Size:4150
Last Modified:Jan 11 06:04:23 2002
MD5 Checksum:8c47552cc1bc260be26ebcefc5aca401

 ///  File Name: FreeBSD-SA-00:08.lynx
Description:
FreeBSD Security Advisory SA-00:08 - lynx revised. Versions of the lynx software prior to version 2.8.3pre.5 were written in a very insecure style and contain numerous potential and several proven security vulnerabilities. A malicious server which is visited by a user with the lynx browser can exploit the browser security holes in order to execute arbitrary code as the local user. The Lynx development team conducted an audit of the source code, and have corrected the known vulnerabilities in lynx. As of lynx-2.8.3pre.5, we consider it safe enough to use again.
Homepage:http://www.freebsd.org
File Size:4150
Last Modified:May 18 11:51:05 2000
MD5 Checksum:9218016018e4595c71dab132a499dcf2

 ///  File Name: FreeBSD-SA-02:20.syncookies
Description:
FreeBSD Security Advisory FreeBSD-SA-02:20 - Two denial of service vulnerabilities were found in the syn cookie implementation in FreeBSD. When a SYN was accepted via a syncookie, it used an uninitialized pointer to find the TCP options for the new socket. This pointer may be a null pointer, which will cause the machine to crash. In addition, restarting applications using syn cookie protected sockets can cause a reference to an old inpcb pointer, crashing the system.
Homepage:http://www.freebsd.org/security
File Size:4133
Last Modified:Apr 17 09:20:26 2002
MD5 Checksum:8dddb28aff356332abf8704f7f92d0e2

 ///  File Name: FreeBSD-SA-01:60.procmail
Description:
FreeBSD Security Advisory FreeBSD-SA-01:60 - Procmail versions prior to procmail 3.20 performed unsafe actions while in the signal handlers. If a signal is delivered while procmail is already in an unsafe signal handler, undefined behavior may result, possibly leading to the ability to perform actions as the superuser under unprivileged local user control.
Homepage:http://www.freebsd.org/security
File Size:4129
Last Modified:Sep 27 06:47:20 2001
MD5 Checksum:380eca29133cf6e85db4ddf85f4cbe35

 ///  File Name: FreeBSD-SA-00:45
Description:
FreeBSD Security Advisory SA-00:45 - esound port allows file permissions to be modified. EsounD is a component of the GNOME desktop environment which is responsible for multiplexing access to audio devices. The esound port, versions 0.2.19 and earlier, creates a world-writable directory in /tmp owned by the user running the EsounD session, which is used for the storage of a unix domain socket. A race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This can give the attacker access to the victim's account, or lead to a system compromise if esound is run by root.
Homepage:http://www.freebsd.org
File Size:4124
Last Modified:Sep 1 03:29:54 2000
MD5 Checksum:8d7fca84918b728d0f1974a5b01cf1f6

 ///  File Name: FreeBSD-SA-00:71.mgetty
Description:
FreeBSD Security Advisory FreeBSD-SA-00:71 - The mgetty port, versions prior to 1.1.22.8.17, contains a vulnerability that may allow local users to create or overwrite any file on the system. This is due to the faxrunqd daemon (which usually runs as root) following symbolic links when creating a .last_run file in the world-writable /var/spool/fax/outgoing/ directory. This presents a denial of service attack since the attacker can cause critical system files to be overwritten, but it is not believed the attacker has the ability to control the contents of the overwritten file. Therefore the possibility of using this attack to elevate privileges is believed to be minimal.
Homepage:http://www.freebsd.org/security
File Size:4115
Last Modified:Nov 26 04:07:21 2000
MD5 Checksum:d1564452a5a43f32304296d39ae1c78b

 ///  File Name: FreeBSD-SA-01:64.wu-ftpd
Description:
FreeBSD Security Advisory FreeBSD-SA-01:64.wu-ftpd - Wu-ftpd v2.6.1 and below contains a remote root vulnerability which allows ftp users with anonymous accounts or user accounts to execute code. This may be accomplished by inserting invalid globbing parameters which are incorrectly parsed by the FTP server into command input.
Homepage:http://www.freebsd.org/security
File Size:4113
Last Modified:Dec 9 04:49:50 2001
MD5 Checksum:e3ba0a862974b9e5a3647de6bb36a86c

 ///  File Name: sa96-11
Description:
security compromise from man page utility
File Size:4111
Last Modified:Sep 23 05:52:22 1999
MD5 Checksum:82b52c7eec9104d80fd649f5eb6fabf7

 ///  File Name: FreeBSD-SA-01:35.licq
Description:
FreeBSD Security Advisory FreeBSD-SA-01:35.licq - The licq port, versions prior to 1.0.3, contains a vulnerability in URL parsing. URLs received by the licq program are passed to the web browser using the system() function. Since licq performs no sanity checking, a remote attacker will be able to pipe commands contained in the URL causing the client to execute arbitrary commands.
Homepage:http://www.freebsd.org/security
File Size:4111
Last Modified:Apr 25 02:53:57 2001
MD5 Checksum:20a23af63b1ba9a677c8588d31eb368c

 ///  File Name: FreeBSD-SA-00:31.canna
Description:
FreeBSD-SA-00:31 - The Canna server, which is not installed by default, contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'.
Homepage:http://www.freebsd.org/security
File Size:4098
Last Modified:Jul 13 00:50:50 2000
MD5 Checksum:e85cfbd11cbdc2826ee284b437ef426e

 ///  File Name: freebsd.sa-00.04.delegate
Description:
An optional third-party port distributed with FreeBSD (Delegate) contains numerous remotely-exploitable buffer overflows which allow an attacker to execute arbitrary commands on the local system, typically as the 'nobody' user.
Homepage:http://www.freebsd.org
File Size:4084
Last Modified:Feb 23 11:16:00 2000
MD5 Checksum:def7b320311a96898c82289fe813100a

 ///  File Name: FreeBSD-SA-02:21.tcpip
Description:
FreeBSD Security Advisory FreeBSD-SA-02:21 - A bug in the FreeBSD kernel's TCP/IP stack's processing of ICMP echo replies can be exploited to create new routing table entries which are never deallocated, using all available memory.
Homepage:http://www.freebsd.org
File Size:4059
Last Modified:Apr 23 07:27:01 2002
MD5 Checksum:d9a7b78b37e909ba385c74c0d64bb9c3

 ///  File Name: FreeBSD-SA-00:55.xpdf
Description:
FreeBSD Security Advisory FreeBSD-SA-00:55 - The xpdf port, a PDF viewer for X, contains a race condition which allows local users to overwrite arbitrary files as the user running xpdf. Additionally, no shell metacharacter checking is done when visiting URLs.
Homepage:http://www.freebsd.org/security
File Size:4057
Last Modified:Oct 15 20:34:38 2000
MD5 Checksum:91850965055515bbc3ea2fbc11dc172f

 ///  File Name: FreeBSD-SA-01:20.mars_nwe
Description:
FreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.
Homepage:http://www.freebsd.org/security
File Size:4048
Last Modified:Feb 12 04:14:55 2001
MD5 Checksum:61253820dc5acd762dbca186595952d0

 ///  File Name: FreeBSD-SA-02_24.k5su
Description:
FreeBSD Security Advisory FreeBSD-SA-02:24.k5su - The k5su utility fails to limit super-user access to the 'wheel' group. This affects FreeBSD 4.4-RELEASE, 4.5-RELEASE and FreeBSD-STABLE (prior to 2002-05-15).
Author:FreeBSD Security Officer Team
Homepage:http://www.freebsd.org/security/
File Size:4047
Last Modified:May 22 08:38:48 2002
MD5 Checksum:4ad2c580d48e4301dd615c562f567664

 ///  File Name: FreeBSD-SA-06-06.kmem.txt
Description:
FreeBSD-SA-06:06.kmem - Local kernel memory disclosure.
Homepage:http://www.freebsd.org/security/
File Size:4039
Last Modified:Jan 26 06:15:18 2006
MD5 Checksum:c0be0dc046041baf3b8db0b2bb86d1ba

 ///  File Name: FreeBSD-SA-02:44.filedesc
Description:
FreeBSD Security Advisory FreeBSD-SA-02:44 - FreeBSD 4.3 and later is vulnerable to a local denial of service attack due to a bug in the fpathconf system call which crashes the system by repeatedly calling fpathconf on a file descriptor until the reference count wraps to a negative value, then closing the file descriptor. See Pine-cert-20030101.txt for more information.
Homepage:http://www.freebsd.org/security
File Size:4035
Last Modified:Jan 9 09:57:48 2003
MD5 Checksum:afc45e10c1049f4c6192cae828f02f2d

 ///  File Name: sa96-01
Description:
sliplogin unauthorized access vulnerability
File Size:4024
Last Modified:Sep 23 05:52:22 1999
MD5 Checksum:bbda10952b624cde7ccc3e4654719728

 ///  File Name: FreeBSD-SA-01:05.stunnel
Description:
FreeBSD Security Advisory FreeBSD-SA-01:05.stunnel - The stunnel port, versions prior to 3.9, contains a vulnerability which could allow remote compromise. When debugging is turned on (using the -d 7 option), stunnel will perform identd queries of remote connections, and the username returned by the remote identd server is written to the log file. Due to incorrect usage of syslog(), a malicious remote user who can manipulate their identd username can take advantage of string-formatting operators to execute arbitrary code on the local system as the user running stunnel, often the root user.
Homepage:http://www.freebsd.org/security
File Size:4018
Last Modified:Jan 17 07:48:40 2001
MD5 Checksum:4ea2a22d7656e916c1862544b87919e0

 ///  File Name: FreeBSD-SA-00:58.passwd
Description:
FreeBSD Security Advisory FreeBSD-SA-00:58 - Passwd, chfn, chpass, chsh, ypchfn, ypchpass, and ypchsh are suid root utilities for changing account information. Format string buffer overflow vulnerabilities have been found in code shared by these commands which allow local users to obtain root access.
Homepage:http://www.freebsd.org/security
File Size:4004
Last Modified:Oct 31 08:33:33 2000
MD5 Checksum:f205d022301f149cd7610ec955fdc991

 ///  File Name: FreeBSD-SA-00:35.proftpd
Description:
FreeBSD Security Advisory FreeBSD-SA-00:35 - The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability which allows FTP users, both anonymous FTP users and those with a valid account, to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
Homepage:http://www.freebsd.org/security
File Size:4004
Last Modified:Aug 15 05:25:03 2000
MD5 Checksum:1fafc695df1bf3446f681406dc90b01d