FreeBSD Security Advisory - The oops port, versions prior to 1.5.2, contains remote vulnerabilities through buffer and stack overflows in the HTML parsing code. These vulnerabilities may allow remote users to execute arbitrary code as the user running oops.
6b5297110c94a870cd6dd4a7328fcc42fc3c830171f96973fba0b7a54701dd6a
FreeBSD Security Advisory FreeBSD-SA-00:76 - The csh and tcsh code creates temporary files when the double less than operator is used, however these are created insecurely and use a predictable filename based on the process ID of the shell. An attacker can exploit this vulnerability to overwrite an arbitrary file writable by the user running the shell. The contents of the file are overwritten with the text being entered using the double less than operator, so it will usually not be under the control of the attacker, limiting the scope of this vulnerability to denial of service.
be8f6c3e160a0ea83173f5e5486851ebfb012f33ef4d42e7b67502790ec59fc2
FreeBSD Security Advisory - The ncurses library, which comes with the base install of FreeBSD, contains exploitable buffer overflows. /usr/sbin/lpc, /usr/bin/top, and /usr/bin/systat link against ncurses and may be exploitable.
6e2f643e0e68e2fe8e83e3707adb527bf755e474093377e4e504f6b2a2f21ed4
FreeBSD Security Advisory FreeBSD-SA-00:69 - A denial of service attack in telnetd has been found. When changing the TERMCAP environment variable, it can be tricked into searching for termcap entries in any file on the system, taking up CPU resources. A valid account is not required.
c10b2eda2360930b488077073a58a118e5d945a59df23d21ef8f67775aa6fb3c
FreeBSD Security Advisory FreeBSD-SA-00:75 - The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 (mod_php4), contain a potential vulnerability that may allow a malicious remote user to execute arbitrary code as the user running the web server, typically user 'nobody'. The vulnerability is due to a format string vulnerability in the error logging routines. A web server is vulnerable if error logging is enabled in php.ini. Additionally, individual php scripts may cause the web server to be vulnerable if the script uses the syslog() php function regardless of error logging in php.ini.
6208a915ee52a59e988f0b678651fb6acdef1d0677c5b028ebdf9315a9ff99fe
FreeBSD Security Advisory FreeBSD-SA-00:73 - The thttpd port, versions prior to 2.20, allows remote viewing of arbitrary files on the local server. The 'ssi' cgi script does not correctly restrict URL-encoded requests containing ".." in the path. In addition, the cgi script does not have the same restrictions as the web server for preventing requests outside of the web root. These two flaws allow remote users to access any file on the system accessible to the web server user (user 'nobody' in the default configuration).
1210c9a3793c9fb08ef4e606ba72b7bca4134f0c2984df6629ecd32948baebf5
FreeBSD Security Advisory FreeBSD-SA-00:73 - The curl port, versions prior to 7.4.1, allows a client-side exploit through a buffer overflow in the error handling code. A malicious ftp server operator can cause arbitrary code to be executed by the user running the curl client.
46fd9282ad36acaec6a207f12d372b71771bbb5250c4d02f53c4ebeeef664a3f
FreeBSD Security Advisory FreeBSD-SA-00:71 - The mgetty port, versions prior to 1.1.22.8.17, contains a vulnerability that may allow local users to create or overwrite any file on the system. This is due to the faxrunqd daemon (which usually runs as root) following symbolic links when creating a .last_run file in the world-writable /var/spool/fax/outgoing/ directory. This presents a denial of service attack since the attacker can cause critical system files to be overwritten, but it is not believed the attacker has the ability to control the contents of the overwritten file. Therefore the possibility of using this attack to elevate privileges is believed to be minimal.
7148bbf5711dfeabe1b1da003e0c40816ea594618c43fc3f0851614fb702aacb
FreeBSD Security Advisory FreeBSD-SA-00:70 - The firewall deny feature in ppp(8) is broken in recent releases, accidentally accepting all packets. Thus, users who are using the deny_incoming functionality in the expectation that it provides a "deny by default" firewall which only allows through packets known to be part of an existing NAT session are in fact allowing other types of unsolicited IP traffic into their internal network.
bf75016fdfea8f24b3b567d3785ad4b397a9101963c3f7d83f7f046f2f3ed3b3
FreeBSD Security Advisory FreeBSD-SA-00:67 - Versions of gnupg prior to 1.04 fail to correctly verify multiple signatures contained in a single document. Only the first signature encountered is actually verified, meaning that other data with invalid signatures (e.g. data which has been tampered with by an attacker) will not be verified, and the entire document will be treated as having valid signatures.
a79ef9d112b3f21955d63e09eb31c1dc6abb17aee2ef031519b559057f4f28ef
FreeBSD Security Advisory FreeBSD-SA-00:66 - Versions of netscape prior to 4.76 allow a client-side exploit through a buffer overflow in html code. A malicious website operator can cause arbitrary code to be executed by the user running the netscape client.
6e9f7a6e9855d353e35c969e55788ff9775ac88de6c8f9af94a3ee99a703e079
FreeBSD Security Advisory FreeBSD-SA-00:65 - Xfce, a window manager for X from the ports collection, contains vulnerabilities which allow local users to access the X display, allowing them to monitor and control the contents of the display window as well as record keyboard input.
9178d7e504e662994503094e70da1fc45a56dfbeed221d4ca64f88ce7ed52d6e
FreeBSD Security Advisory FreeBSD-SA-00:64 - The global port, versions 3.5 through to 3.55, contains a vulnerability in the CGI script generated by the htags utility which allows a remote attacker to execute code on the local system as the user running the script, typically user nobody.
93f76f28b9aef63615b9bb7cffca7c24d985c7fb7fc351fa967890f84f92bce5
FreeBSD Security Advisory FreeBSD-SA-00:62 - A "format string vulnerability" was discovered in the top(1) utility which allows unprivileged local users to cause the top process to execute arbitrary code. The top utility runs with increased privileges as a member of the kmem group, which allows it to read from kernel memory (but not write to it). A process with the ability to read from kernel memory can monitor privileged data such as network traffic, disk buffers and terminal activity, and may be able to leverage this to obtain further privileges on the local system or on other systems, including root privileges.
3ab0f4e33fa035dd7ca77ba44a7c739bf0d6f61c7187b1137d96f61e64211fe6
FreeBSD Security Advisory FreeBSD-SA-00:61 - Several overflowable buffers were discovered in the version of tcpdump included in FreeBSD, including one in the decoding of AFS ACL packets in the more recent version of tcpdump (v 3.5) which allows a remote attacker to execute arbitrary code on the local system as root.
706d94c7c7504e53be34d78ef142332aa19f0db9244abff13bb31abd555e9e33
FreeBSD Security Advisory FreeBSD-SA-00:63 - Remote users may be able to cause a very small class of network servers to terminate abnormally, causing a denial of service condition. None of the standard services are affected, and the attacker needs to have control of the nameserver.
cb98eeef570862c807d9d6db07a8469d640640c07c812d5a8b510cbd09fbfc65
FreeBSD Security Advisory FreeBSD-SA-00:60 - The boa port, versions after 0.92 but prior to 0.94.8.3, contains a vulnerability which allows remote users to view arbitrary files outside the document root, because it did not correctly restrict URL-encoded requests containing ".." in the path. In addition, if CGI support is enabled, a request for any file ending in .cgi will result in the file being executed with the privileges of the user id running the web server, allowing untrusted binary execution.
62dc6503a4f7104ca90055b77c10f1e33e686c834aef01bda51f317de99c4cb4
FreeBSD Security Advisory - The pine4 port, versions 4.21 and before, contains a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by sending a specially crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder.
22f95fa5a1bb94352d57dbff940db325531e61a409d28dea0615f9726b8a7e94
FreeBSD Security Advisory FreeBSD-SA-00:58 - Passwd, chfn, chpass, chsh, ypchfn, ypchpass, and ypchsh are suid root utilities for changing account information. Format string buffer overflow vulnerabilities have been found in code shared by these commands which allow local users to obtain root access.
0239919c44b289f0c7136f858a10eef64a286094e512d74b2268e52d62481e96
FreeBSD Security Advisory FreeBSD-SA-00:57 - The muh port, an IRC bouncer, versions 2.05c and below, contains a vulnerability which allows remote users to gain the privileges of the user running muh. This is accomplished by sending a carefully crafted exploit string containing string format operators to a user using muh but who is not connected. When the user reconnects and executes '/muh read', muh will allow the remote attacker to execute arbitrary code as the local user.
8f36eb60edcb01ea36fa29e159e50ecf301ee4326c181259fc41a4249d047569
FreeBSD Security Advisory FreeBSD-SA-00:56 - The LPRng port, versions prior to 3.6.24, contains a vulnerability in syslog() which allows remote and local root compromise.
383a13988913ece81c3d550a90cc2d095ebcae22e3dc9547ad51506fae541281
FreeBSD Security Advisory FreeBSD-SA-00:55 - The xpdf port, a PDF viewer for X, contains a race condition which allows local users to overwrite arbitrary files as the user running xpdf. Additionally, no shell metacharacter checking is done when visiting URLs.
fffc0e765e6068b8f2afe53e82d8918165e1e3bcbe5fa3d10ea50b7380a44a68
FreeBSD Security Advisory FreeBSD-SA-00:54 - Shortly before the release of FreeBSD 4.1.1, code was added to finger(1) intended to allow the utility to send the contents of administrator-specified files in response to a finger request. However, the code incorrectly allowed users to specify a filename directly, the contents of which would be returned to the user.
4b5af2dc80b56a25748f70615e7b9bee970529fb40be4967c4a47cf39c2e6d1e
FreeBSD Security Advisory FreeBSD-SA-00:52 - FreeBSD has a predictable initial sequence number and is vulnerable to a TCP sequence number prediction attack. Programs which rely solely on IP address authentication such as rsh/rlogin and lpr are potentially exploitable.
109102cf876ef28915ebd1497ee8eb6bfb6a0ceedc7637fcfc39f58e3d962f95
FreeBSD Security Advisory - catopen() may pose security risk for third party code. The catopen() function did not correctly bounds-check an internal buffer which could be indirectly overflowed by the setting of an environment variable. A privileged application which uses catopen() could be made to execute arbitrary code by an unprivileged local user. The catopen() and setlocale() functions could be made to use an arbitrary file as the source for localized data and message catalogs, instead of one of the system files. An attacker could create a file which is a valid locale file or message catalog but which contains special formatting characters which may allow certain badly written privileged applications to be exploited and execute arbitrary code as the privileged user. Patches are available.
7cb98675a822bc8edd2fd3f6bd3b7b4a6cf3569063738705e6b569c0c74c79bf