FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.
1a869b62905af8904b8403041846cf5d771ff31293af4c383220241db9779734
FreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.
82dc603952f8799c8d452e6428abd2aef95221b5e642ce2ef35c1ff993c0c960
FreeBSD Security Advisory FreeBSD-SA-01:19 - The ja-xklock port, versions 2.7.1 and earlier, contains an exploitable buffer overflow. Because the xklock program is also setuid root, unprivileged local users may gain root privileges on the local system.
3c6cd6aa00e8cf396936b0c72ab70929ad0b9c020f6adcef73f20aabb1587858
FreeBSD Security Advisory FreeBSD-SA-01:11 - The ident server included with FreeBSD inetd contains a vulnerability which allows remote users to read the first 16 bytes of files which are accessible by group wheel. The inetd internal ident server is not enabled by default - if you have not enabled the ident portion of inetd, you are not vulnerable.
6273536180124ce566ee041fbe174c87037903e5135ad44363d389827459892e
FreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
a86476e1628aed06b3b85bb5a0723201799197b19fa72a9457265207364bde18
FreeBSD Security Advisory FreeBSD-SA-01:10 - A vulnerability exists with the bind nameserver prior to v8.2.3-REL which allows remote attackers to execute arbitrary code as root.
d045fe7d70cc4c35244fc03cf6f26e6408e42a804a5cb6915ef7e3e3aa2fa584
FreeBSD Security Advisory FreeBSD-SA-01:18 - An overflowable buffer related to the processing of transaction signatures (TSIG) exists in all versions of BIND prior to 8.2.3-RELEASE. The vulnerability is exploitable regardless of configuration options and affects both recursive and non-recursive DNS servers.
5e91111bb54539b59b65f448d0e27bdf893cd206dcbc161e9c6cb098614fea12
FreeBSD Security Advisory FreeBSD-SA-01:17 - The exmh2 port, versions prior to 2.3.1, contains a local temp file vulnerability at startup.
96e5fe291b7642d9f29512df60460e31d894dace776d62f0a211213e29fe1b65
FreeBSD Security Advisory FreeBSD-SA-01:16 - The mysql323-server port, versions prior to 3.23.22, and all mysql322-server ports contain remote vulnerabilities. Due to a buffer overflow, a malicious remote user can gain access to all databases and can leverage other local attacks as the mysqld user.
5042f4f9576393ff5bc422e393f0fbdaa672752e9ceb13bc6bcfd9a7faf4f68f
FreeBSD Security Advisory FreeBSD-SA-01:15 - The tinyproxy port, versions prior to 1.3.3a, contains remote vulnerabilities: due to a heap overflow, malicious remote users can cause arbitrary code to be executed as the user running tinyproxy.
8ab124d8f193e2fd06bc0b8a238ccead0da8be819e9e440d63812f0b175b987f
FreeBSD Security Advisory FreeBSD-SA-01:14 - The micq port, versions prior to 0.4.6.1, contains a remote vulnerability: due to a buffer overflow, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system with the privileges of the micq process.
691e5322ca5bbc8ac5680820e80dcfdccf4028b1db7857e4b583b367041adc19
FreeBSD Security Advisory FreeBSD-SA-01:07 - The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple vulnerabilities that may allow local or remote users to cause a denial of service attack against a vulnerable X server. Additionally, local users can often obtain elevated privileges. A malformed packet to TCP port 6000 causes the X server to freeze for several minutes. Due to various coding flaws in libX11, privileged programs linked against libX11 allow local users to obtain privileged access. In addition, any application using libICE to listen on a network port can be crashed due to inadequate bounds checking in libICE.
f38b8c5e38dd0bfd7f6a70b76bcfecc7bdd44b20ce9d030ccf9afb74f2db810d
FreeBSD Security Advisory FreeBSD-SA-01:13 - Sort(1), a program to sort text, can be caused to stop working by local users if they guess the next tempfile name it will attempt to use. This failure mode could be used to hide the reporting of malicious activity which would otherwise be detected by a management script.
f27123c1c0d7f9965ffff38440fd54b4765fb3f9ce14c6f3405e7df2e5c553d0
FreeBSD Security Advisory FreeBSD-SA-01:12 - Periodic, a program to run periodic system functions, uses tempfiles insecurely. This allows a malicious local user to cause arbitrary files on the system to be corrupted. In a default state, periodic is normally called by cron for daily, weekly, and monthly maintenance. Because these scripts run as root, an attacker may potentially corrupt any file on the system.
cb1de316c63cb25e3c459dc1c739fa6f0a501909fda822bda9a9102eb8664fe2
FreeBSD Security Advisory FreeBSD-SA-01:09 - Crontab contains a vulnerability which allows local users to read any file on the system which conforms to a valid cron syntax. This allows other users' crontab files to be read, in addition to any file which has every line commented out.
fd92735a188ed65d858f555a094b40c039f37116c9cb3dd904afe640d0b04a59
FreeBSD Security Advisory FreeBSD-SA-01:06.zope - The zope port, versions prior to 2.2.4, contains a vulnerability due to the computation of local roles not climbing the correct hierarchy of folders, sometimes granting local roles inappropriately. This may allow users with privileges in one folder to gain the same privileges in another folder.
b323c62c5b987d5e6e0211ddab3b764ef17b36e4ccbbc9734c6b7feb96bad1cc
FreeBSD Security Advisory FreeBSD-SA-01:05.stunnel - The stunnel port, versions prior to 3.9, contains a vulnerability which could allow remote compromise. When debugging is turned on (using the -d 7 option), stunnel will perform identd queries of remote connections, and the username returned by the remote identd server is written to the log file. Due to incorrect usage of syslog(), a malicious remote user who can manipulate their identd username can take advantage of string-formatting operators to execute arbitrary code on the local system as the user running stunnel, often the root user.
b91d2a7a3e13a492ee77077982de8a0b0f376d4227f75cdabafa301dbda8341c
FreeBSD Security Advisory FreeBSD-SA-01:04.joe - The joe port, versions prior to 2.8_2, contains a local temp file bug if it exits abnormally.
00037be4e0d1c766ed432a8316c8e6314298518eaca35c21ca04875b1ec242c0
FreeBSD Security Advisory FreeBSD-SA-01:03.bash1 - Bash creates insecure tempfiles when the double-lessthan operator is used.
cf90bc27e3206126c4f7c687bfa745ad6079111fcfcab7d99c48ae462d0b3398
FreeBSD Security Advisory FreeBSD-SA-01:02.syslog-ng - Syslog-ng prior to v1.4.9 contains a remote denial of service vulnerability due to incorrect log parsing.
4420927e1983a6c3b82261c6912b27b74876d93576c2fcdc9403ffa6f98dd025
FreeBSD Security Advisory FreeBSD-SA-01:01.openssh - OpenSSH clients still allow X11 / Agent forwarding even if it is disabled, allowing hostile SSH servers to access your X11 display or your ssh-agent when connected to.
e3c07c256493482277a2b91f16fa873dd1a3572e056cf3a6c3f8522e67ea340f
FreeBSD Security Advisory - Three problems affect the /proc filesystem on FreeBSD. The first allows unprivileged local users to gain superuser privileges due to insufficient access control checks on the /proc//ctl files, which gives access to a process address space and perform various control operations on the process respectively. The second allows local users to deny service to a machine by mmap()ing a process's own /proc//mem file in the procfs filesystem. The third allows users with superuser privileges on the machine, including users with root privilege in a jail(8) virtual machine, to overflow a buffer in the kernel and bypass access control checks placed on the abilities of the superuser. This allows root users to break out of the jail environment, lower the securelevel, and load modules in kernels where module loading has been disabled.
1be1e19e18220a02b70cfb8ea9e3cbd761ff6f228fe93d6cbd2e541f870d4df1
FreeBSD Security Advisory - The BitchX port, versions prior to 1.0c17_1, contains a remote vulnerability. Through a stack overflow in the DNS parsing code, a malicious remote user in control of their reverse DNS records may crash a BitchX session, or cause arbitrary code to be executed by the user running BitchX.
716fb15322642749f5eca910e3091b28b14df85543d8631e488adbb658af1d9e
FreeBSD Security Advisory - The ethereal port, versions prior to 0.8.14, contains buffer overflows which allow a remote attacker to crash ethereal or execute arbitrary code on the local system as the user running ethereal, typically the root user. These vulnerabilities are identical to those described in advisory 00:61 relating to tcpdump.
828d9cfad5c76c7fc333df6b49ded0d2f3b1ea88ab3e81fd1bddf8577f739383
FreeBSD Security Advisory - The halflifeserver port, versions prior to 3.1.0.4, contains local and remote vulnerabilities through buffer overflows and format string vulnerabilities which allow remote users to execute arbitrary code as the user running halflifeserver.
27876be2ead88fd843b314f7f73a541d4c1743b24d63ebd0aa8adc22052508b3