what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 190 RSS Feed

Files from The FreeBSD Project

Email addresssecurity at freebsd.org
First Active2000-04-11
Last Active2006-10-04
FreeBSD Security Advisory 2001.21
Posted Feb 12, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.

tags | overflow, local, root
systems | freebsd
SHA-256 | 1a869b62905af8904b8403041846cf5d771ff31293af4c383220241db9779734
FreeBSD Security Advisory 2001.20
Posted Feb 12, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.

tags | remote, arbitrary, local, root
systems | freebsd
SHA-256 | 82dc603952f8799c8d452e6428abd2aef95221b5e642ce2ef35c1ff993c0c960
FreeBSD Security Advisory 2001.19
Posted Feb 12, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:19 - The ja-xklock port, versions 2.7.1 and earlier, contains an exploitable buffer overflow. Because the xklock program is also setuid root, unprivileged local users may gain root privileges on the local system.

tags | overflow, local, root
systems | freebsd
SHA-256 | 3c6cd6aa00e8cf396936b0c72ab70929ad0b9c020f6adcef73f20aabb1587858
FreeBSD Security Advisory 2001.11
Posted Feb 12, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:11 - The ident server included with FreeBSD inetd contains a vulnerability which allows remote users to read the first 16 bytes of files which are accessible by group wheel. The inetd internal ident server is not enabled by default - if you have not enabled the ident portion of inetd, you are not vulnerable.

tags | remote
systems | freebsd
SHA-256 | 6273536180124ce566ee041fbe174c87037903e5135ad44363d389827459892e
FreeBSD Security Advisory 2001.8
Posted Feb 12, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.

tags | tcp
systems | freebsd
SHA-256 | a86476e1628aed06b3b85bb5a0723201799197b19fa72a9457265207364bde18
FreeBSD Security Advisory 2001.10
Posted Feb 12, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:10 - A vulnerability exists with the bind nameserver prior to v8.2.3-REL which allows remote attackers to execute arbitrary code as root.

tags | remote, arbitrary, root
systems | freebsd
SHA-256 | d045fe7d70cc4c35244fc03cf6f26e6408e42a804a5cb6915ef7e3e3aa2fa584
FreeBSD Security Advisory 2001.18
Posted Feb 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:18 - An overflowable buffer related to the processing of transaction signatures (TSIG) exists in all versions of BIND prior to 8.2.3-RELEASE. The vulnerability is exploitable regardless of configuration options and affects both recursive and non-recursive DNS servers.

tags | overflow
systems | freebsd
SHA-256 | 5e91111bb54539b59b65f448d0e27bdf893cd206dcbc161e9c6cb098614fea12
FreeBSD Security Advisory 2001.17
Posted Feb 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:17 - The exmh2 port, versions prior to 2.3.1, contains a local temp file vulnerability at startup.

tags | local
systems | freebsd
SHA-256 | 96e5fe291b7642d9f29512df60460e31d894dace776d62f0a211213e29fe1b65
FreeBSD Security Advisory 2001.16
Posted Feb 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:16 - The mysql323-server port, versions prior to 3.23.22, and all mysql322-server ports contain remote vulnerabilities. Due to a buffer overflow, a malicious remote user can access to all databases and have the ability to leverage other local attacks as the mysqld user.

tags | remote, overflow, local, vulnerability
systems | freebsd
SHA-256 | 5042f4f9576393ff5bc422e393f0fbdaa672752e9ceb13bc6bcfd9a7faf4f68f
FreeBSD Security Advisory 2001.15
Posted Feb 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:15 - The tinyproxy port, versions prior to 1.3.3a, contains remote vulnerabilities: due to a heap overflow, malicious remote users can cause arbitrary code to be executed as the user running tinyproxy.

tags | remote, overflow, arbitrary, vulnerability
systems | freebsd
SHA-256 | 8ab124d8f193e2fd06bc0b8a238ccead0da8be819e9e440d63812f0b175b987f
FreeBSD Security Advisory 2001.14
Posted Feb 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:14 - The micq port, versions prior to 0.4.6.1, contains a remote vulnerability: due to a buffer overflow, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system with the privileges of the micq process.

tags | remote, overflow, arbitrary, local
systems | freebsd
SHA-256 | 691e5322ca5bbc8ac5680820e80dcfdccf4028b1db7857e4b583b367041adc19
FreeBSD Security Advisory 2001.7
Posted Feb 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:07 - The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple vulnerabilities that may allow local or remote users to cause a denial of service attack against a vulnerable X server. Additionally, local users can often obtain elevated privileges. A malformed packet to TCP port 6000 causes the X server to freeze for several minutes. Due to various coding flaws in libX11, privileged programs linked against libX11 allow local users to obtain privileged access. In addition, any application using libICE to listen on a network port can be crashed due to inadequate bounds checking in libICE.

tags | remote, denial of service, local, tcp, vulnerability
systems | freebsd
SHA-256 | f38b8c5e38dd0bfd7f6a70b76bcfecc7bdd44b20ce9d030ccf9afb74f2db810d
FreeBSD Security Advisory 2001.13
Posted Jan 31, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:13 - Sort(1), a program to sort text, can be caused to stop working by local users if they guess the next tempfile name it will attempt to use. This failure mode could be used to hide the reporting of malicious activity which would otherwise be detected by a management script.

tags | local
systems | freebsd
SHA-256 | f27123c1c0d7f9965ffff38440fd54b4765fb3f9ce14c6f3405e7df2e5c553d0
FreeBSD Security Advisory 2001.12
Posted Jan 31, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:12 - Periodic, a program to run periodic system functions, uses tempfiles insecurely. This allows a malicious local user to cause arbitrary files on the system to be corrupted. In a default state, periodic is normally called by cron for daily, weekly, and monthly maintenance. Because these scripts run as root, an attacker may potentially corrupt any file on the system.

tags | arbitrary, local, root
systems | freebsd
SHA-256 | cb1de316c63cb25e3c459dc1c739fa6f0a501909fda822bda9a9102eb8664fe2
FreeBSD Security Advisory 2001.9
Posted Jan 26, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:09 - Crontab contains a vulnerability which allows local users to read any file on the system which conforms to a valid cron syntax. This allows other users crontab files to be read, in addition to any file which has every line commented out.

tags | local
systems | freebsd
SHA-256 | fd92735a188ed65d858f555a094b40c039f37116c9cb3dd904afe640d0b04a59
FreeBSD Security Advisory 2001.6
Posted Jan 17, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:06.zope - The zope port, versions prior to 2.2.4, contains a vulnerability due to the computation of local roles not climbing the correct hierarchy of folders, sometimes granting local roles inappropriately. This may allow users with privileges in one folder to gain the same privileges in another folder.

tags | local
systems | freebsd
SHA-256 | b323c62c5b987d5e6e0211ddab3b764ef17b36e4ccbbc9734c6b7feb96bad1cc
FreeBSD Security Advisory 2001.5
Posted Jan 17, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:05.stunnel - The stunnel port, versions prior to 3.9, contains a vulnerability which could allow remote compromise. When debugging is turned on (using the -d 7 option), stunnel will perform identd queries of remote connections, and the username returned by the remote identd server is written to the log file. Due to incorrect usage of syslog(), a malicious remote user who can manipulate their identd username can take advantage of string-formatting operators to execute arbitrary code on the local system as the user running stunnel, often the root user.

tags | remote, arbitrary, local, root
systems | freebsd
SHA-256 | b91d2a7a3e13a492ee77077982de8a0b0f376d4227f75cdabafa301dbda8341c
FreeBSD Security Advisory 2001.4
Posted Jan 17, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:04.joe - The joe port, versions prior to 2.8_2, contains a local temp file bug if it exits abnormally.

tags | local
systems | freebsd
SHA-256 | 00037be4e0d1c766ed432a8316c8e6314298518eaca35c21ca04875b1ec242c0
FreeBSD Security Advisory 2001.3
Posted Jan 17, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:03.bash1 - Bash creates insecure tempfiles when the double-lessthan operator is used.

tags | bash
systems | freebsd
SHA-256 | cf90bc27e3206126c4f7c687bfa745ad6079111fcfcab7d99c48ae462d0b3398
FreeBSD Security Advisory 2001.2
Posted Jan 17, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:02.syslog-ng - Syslog-ng prior to v1.4.9 contains a remote denial of service vulnerability due to incorrect log parsing.

tags | remote, denial of service
systems | freebsd
SHA-256 | 4420927e1983a6c3b82261c6912b27b74876d93576c2fcdc9403ffa6f98dd025
FreeBSD Security Advisory 2001.1
Posted Jan 17, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:01.openssh - OpenSSH clients still allow X11 / Agent forwarding even if it is disabled, allowing hostile SSH servers can access your X11 display or your ssh-agent when connected to.

systems | freebsd
SHA-256 | e3c07c256493482277a2b91f16fa873dd1a3572e056cf3a6c3f8522e67ea340f
FreeBSD Security Advisory 2000.77
Posted Jan 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - Three problems affect the /proc filesystem on FreeBSD. The first allows unprivileged local users can gain superuser privileges due to insufficient access control checks on the /proc//ctl files, which gives access to a process address space and perform various control operations on the process respectively. The second allows local users to deny service to a machine by mmap()ing a processes own /proc//mem file in the procfs filesystem. The third allows users with superuser privileges on the machine, including users with root privilege in a jail(8) virtual machine, to overflow a buffer in the kernel and bypass access control checks placed on the abilities of the superuser. This allows root users to break out of the jail environment, lower the securelevel, and load modules in kernels where module loading has been disabled.

tags | overflow, kernel, local, root
systems | freebsd
SHA-256 | 1be1e19e18220a02b70cfb8ea9e3cbd761ff6f228fe93d6cbd2e541f870d4df1
FreeBSD Security Advisory 2000.78
Posted Jan 1, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - The BitchX port, versions prior to 1.0c17_1, contains a remote vulnerability. Through a stack overflow in the DNS parsing code, a malicious remote user in control of their reverse DNS records may crash a BitchX session, or cause arbitrary code to be executed by the user running BitchX.

tags | remote, overflow, arbitrary
systems | freebsd
SHA-256 | 716fb15322642749f5eca910e3091b28b14df85543d8631e488adbb658af1d9e
FreeBSD Security Advisory 2000.81
Posted Dec 21, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - The ethereal port, versions prior to 0.8.14, contains buffer overflows which allow a remote attacker to crash ethereal or execute arbitrary code on the local system as the user running ethereal, typically the root user. These vulnerabilities are identical to those described in advisory 00:61 relating to tcpdump.

tags | remote, overflow, arbitrary, local, root, vulnerability
systems | freebsd
SHA-256 | 828d9cfad5c76c7fc333df6b49ded0d2f3b1ea88ab3e81fd1bddf8577f739383
FreeBSD Security Advisory 2000.80
Posted Dec 21, 2000
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory - The halflifeserver port, versions prior to 3.1.0.4, contains local and remote vulnerabilities through buffer overflows and format string vulnerabilities which allow remote users to execute arbitrary code as the user running halflifeserver.

tags | remote, overflow, arbitrary, local, vulnerability
systems | freebsd
SHA-256 | 27876be2ead88fd843b314f7f73a541d4c1743b24d63ebd0aa8adc22052508b3
Page 5 of 8
Back34567Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close