FreeBSD Security Advisory FreeBSD-SA-01:57 - Sendmail contains an input validation error which may lead to the execution of arbitrary code as root by local users. Upgrade to 8.11.6.
bed188af5bfdd7efb668c67329a344bdb8e00d1441d38cbf72f74b9170f6eafb
FreeBSD Security Advisory FreeBSD-SA-01:56 - Tcp_wrappers PARANOID option was not properly implemented and did not provide any more protection than regular host ACL's. This allows an attacker that can influence the results of reverse DNS lookups to get away with providing false information in his dns server.
ad80e6faf5a6c9ffb38faa496b3545f0d0fe76f6e412914ac56ca0b2f075ab46
FreeBSD Security Advisory FreeBSD-SA-01:55 - The FreeBSD procfs can leak the memory of protected programs, including password hashes. The procfs code checks for gid kmem privilege when granting access to the /proc/<pid>/mem file - however, the code which is used to allow read-only access via the kmem group was incorrect, and inappropriately granted read access to the caller as long as they already had an open file descriptor for the procfs mem file. All released versions of FreeBSD 4.x including FreeBSD 4.3-RELEASE are vulnerable to this problem if the procfs filesystem is in use.
0a288600619eeb1888a92b14ed7fd19618b8ff990063c47f632e1cbb3627cff2
FreeBSD Security Advisory FreeBSD-SA-01:54 - Three optional 3rd party telnetd daemons included in the FreeBSD ports collection have remote root vulnerabilities. They are MIT Kerberos V (security/krb5) prior to version 1.2.2_2, Heimdal (security/heimdal) prior to version 0.4b_1, and SSLtelnet (net/SSLtelnet) (not fixed yet).
e5956729554912a4ae3d2e89e5e280809207c76fef37e6bedae7efacadce2c90
FreeBSD Security Advisory FreeBSD-SA-01:53 - Ipfw "me" rules sometimes pass more packets than the administrator realizes when used in conjunction with point-to-point interfaces. Do not use ipfw me, instead give explicit IP addresses.
a2d87cb7ab8f828d0959d0a851d6ddc776013123d5d1775133168ef5b53cc05d
FreeBSD Security Advisory FreeBSD-SA-01:40 - The fts routines are vulnerable to a race condition when ascending a file hierarchy, which allows an attacker who has control over part of the hierarchy into which fts is descending to cause the application to ascend beyond the starting point of the file traversal, and enter other parts of the filesystem. If the fts routines are being used by an application to perform operations on the filesystem hierarchy, such as find(1) with a keyword such as -exec or -delete, or rm(1) with the -r flag, these operations can be incorrectly applied to files outside the intended hierarchy, which may result in system damage or compromise. All versions of FreeBSD prior to the correction date including 4.3-RELEASE are vulnerable to this problem.
1087d9a7ee3c61a0c63ce3f436fd87e2a0503f1603655ffc14376ef19a967eb0
FreeBSD Security Advisory FreeBSD-SA-01:51.openssl - OpenSSL prior to v0.9.6b contains random number errors which allow the key to be computed. An attack taking advantage of this flaw has been identified that can recover the complete state of the PRNG from the output of one carefully sized PRNG request followed by a few hundred consecutive 1-byte PRNG requests.
241b617fae5c8dd7ddf0074d818f8e3e8a95d8944af97aa6cf25faa8b300157e
FreeBSD Security Advisory FreeBSD-SA-01:39.tcp-isn - FreeBSD systems prior to 4.3-RELEASE contain vulnerabilities in the TCP ISN's. Protocols which authenticate solely based on IP address are vulnerable to blind spoofing attacks.
700f3059198dd27dcf3b53b265bad6f0fc17a276e98cf8ee1f2a96aa3ccd7ba9
FreeBSD Security Advisory FreeBSD-SA-01:38.sudo - The sudo port, versions prior to sudo-1.6.3.7, contains a local command-line buffer overflow allowing local users to gain root privileges on the local system.
ee17e318cbfabdca5e6419afbcd93bf8c6e4b3fa76924d4ad7175977535f0963
FreeBSD Security Advisory FreeBSD-SA-01:37.slrn - The slrn port, versions prior to slrn-0.9.7.0, contains a buffer overflow in the wrapping/unwrapping functions of message header parsing. If a sufficiently long header is parsed, a buffer may overflow allowing the execution of arbitrary code contained in a message header as the user running the slrn program.
10eadabec9a8b1d16ad4939869c7126222596ddd4abf6d163d490a36532df582
FreeBSD Security Advisory FreeBSD-SA-01:36.samba - The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0, contain /tmp races that may allow local users to cause arbitrary files and devices to be overwritten. Due to easily predictable printer queue cache file names, local users may create symbolic links to any file or device causing it to be corrupted when a remote user accesses a printer. In addition, the file will be left with world writable permission allowing any user to enter their own data.
83fe638951363ccd0063fc9691856f2ac00bfa75e1104a56acf4148f8d68d5c3
FreeBSD Security Advisory FreeBSD-SA-01:35.licq - The licq port, versions prior to 1.0.3, contains a vulnerability in URL parsing. URLs received by the licq program are passed to the web browser using the system() function. Since licq performs no sanity checking, a remote attacker will be able to pipe commands contained in the URL causing the client to execute arbitrary commands.
aaa396a811cf768bab9589ce4c8251c23bc9dac97e476c3e35b94efa6a51e522
FreeBSD Security Advisory FreeBSD-SA-01:34 - The hylafax port, versions prior to hylafax-4.1.b2_2, contains a format string bug in the hfaxd program. A local user may execute the hfaxd program with command-line arguments containing format string characters, gaining root privileges on the local system.
e2e3043bd622200fe9ab2ce74472e03447529ab973b612d2bc4f89be0afbfad5
FreeBSD Security Advisory FreeBSD-SA-01:33 - The glob() function contains buffer overflows that are exploitable through the FTP daemon. If a directory with a name of a certain length is present, a remote user specifying a pathname using globbing characters may cause arbitrary code to be executed on the FTP server as user running ftpd, usually root. Additionally, when given a path containing numerous globbing characters, the glob() functions may consume significant system resources when expanding the path. This can be controlled by setting user limits via /etc/login.conf and setting limits on globbing expansion.
8aea5ad4592fa0042500e15dc47d91bc6db21f66c3891d0fd68df72d09b94fe3
FreeBSD Security Advisory FreeBSD-SA-01:32.ipfilter - When matching a packet fragment, insufficient checks were performed to ensure the fragment is valid. In addition, the fragment cache is checked before any rules are checked. Even if all fragments are blocked with a rule, fragment cache entries can be created by packets that match currently held state information. Because of these discrepancies, certain packets may bypass filtering rules. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, contain this problem.
676d7b34644214514010b70aa759e96c9a540b745e87d5da8d0d7e0854b95fb7
FreeBSD Security Advisory FreeBSD-SA-01:31.ntpd - An overflowable buffer exists in the ntpd daemon related to the building of a response for a query with a large readvar argument. Due to insufficient bounds checking, a remote attacker may be able to cause arbitrary code to be executed as the user running the ntpd daemon, usually root. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, and versions of the ntpd port prior to ntp-4.0.99k_2 contain this problem.
db62a64df5fc4a1f4b35e133e3e769d11a44d1101cdb9842fc7edcb3682a6e2c
FreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs - A bug in the UFS filesystem allows users to obtain access to areas of the filesystem containing data from deleted files. The filesystem code is supposed to ensure that all filesystem blocks are zeroed before becoming available to user processes, but in a certain specific case this zeroing does not occur, and unzeroed blocks are passed to the user with their previous contents intact. Thus, if the block contains data which used to be part of a file or directory to which the user did not have access, the operation results in unauthorized access of data.
28062553c3721f91be4f08810986bf91bc9a87a82efa87d05c91000b3619552c
FreeBSD Security Advisory FreeBSD-SA-01:29.rwhod - Malformed packets sent to the rwhod daemon via UDP port 513 could cause it to crash, thereby denying service to clients.
d0e5626fc0a114aca4d206ed884b059d29eb84f5db39bad6f452ffdbbdb3ec07
FreeBSD Security Advisory FreeBSD-SA-01:28 - Malformed packets sent to the timed daemon on UDP port 525 could cause it to crash, thereby denying service to clients.
4b53ee36f6fd34c4b54d687a1dac18792fc95ea30d370ff8f2d80275bbbe55ff
FreeBSD Security Advisory FreeBSD-SA-01:27 - The cfengine port, versions prior to 1.6.1, contained several format string vulnerabilities which allow a remote attacker to execute arbitrary code on the local system as the user running cfengine, usually user root.
a7f47cec624617cb484ffc0d9e3ccf954f580bd00348310894bd1aac303a4cd2
FreeBSD Security Advisory FreeBSD-SA-01:26 - The interbase port has a hard coded backdoor which has full read and write access to databases stored on the server, and also gives the ability to write to arbitrary files on the server as the user running the interbase server (usually user root). Remote attackers may connect to the database on TCP port 3050.
a541aa5579236a77051e5dcbc2246ce72182fdea0f95eaace89c3acbd18ad1ef
FreeBSD Security Advisory FreeBSD-SA-01:23 - The icecast port, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.
e32a64dc0b3ab0cbabbdccc9b1c5ab6d87888e20dac4061a5944907543de4e36
FreeBSD Security Advisory FreeBSD-SA-01:25 - Systems which have installed the optional Kerberos IV distribution are vulnerable to attacks via the telnet daemon due to an overflow in the libkrb KerberosIV authentication library and improper filtering of environmental variables by the KerberosIV-adapted telnet daemon.
f9a7aa773a778f96ba38dd1ff4ca14f8f41dbeeb995305ea23832d652efb4616
FreeBSD Security Advisory FreeBSD-SA-01:24 - OpenSSH prior to v2.3.0p1 contains remote vulnerabilities.
c8d01ec11d4656a2768dbc2a418fdabf47ce3f917951c88bacd99e7807798064
FreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
0b247d5f97114dcbe7da125fd3e8270ef6b0e8f6fe5c722c4ea4d9364d807536