FreeBSD Security Advisory FreeBSD-SA-00:46 - The screen port, versions 3.9.5 and before, contains a vulnerability which allows local users to gain root privileges. This is accomplished by inserting string-formatting operators into configuration parameters, which may allow arbitrary code to be executed.
42fc636e75dec72d9698572a3e19f2c6947bfa82773535479548ca93c2d63d53FreeBSD Security Advisory FreeBSD-SA-00:44 - The xlockmore port, versions 4.17 and below, installs the setuid root binary xlock, which contains a vulnerability due to incorrect use of the syslog() function. The xlock program correctly drops root privileges prior to the point of vulnerability, however it may retain in memory part of the hashed password database for the user accounts on the system. Attackers who can retrieve hashed password information from the memory space of the process can mount attacks against the user account passwords and possibly gain access to accounts on the system if successful.
0b1c8c3842f449349927b566da8941978ab4a1c327fb2fcd41431a8cdad32fdfFreeBSD Security Advisory FreeBSD-SA-00:51 - The mailman port, versions prior to 2.0b5, contained several locally exploitable vulnerabilities which could be used to gain root privileges.
dedb3bb4a1ce3ca995f2fb71a6dfc4cc5f55e619fc981e278494f0f87dd01815FreeBSD Security Advisory FreeBSD-SA-00:50 - The listmanager port, versions prior to 2.105.1, contained several locally exploitable buffer overflow vulnerabilities which could be used to gain root privileges.
3e32fb931fa234b663d485febacb30965ed690394c9e151c22d8c8c63ec013ceFreeBSD Security Advisory FreeBSD-SA-00:49 - The eject port is installed setuid root, and contains several exploitable buffers which can be overflowed by local users, yielding root privileges.
031b23226b8c3145fcc2d633e190d78e52aa482d69c5e45788560e7f54bc4834FreeBSD Security Advisory FreeBSD-SA-00:48 - The xchat IRC client provides the ability to launch URLs displayed in an IRC window in a web browser by right clicking on the URL. However this was handled incorrectly in versions prior to 1.4.3, and prior to 1.5.7 in the 1.5 development series, and allowed a malicious IRC user to embed command strings in a URL which could cause an arbitrary command to be executed as the local user if the URL were to be "launched" in a browser as described above.
aed685a66de97edce6729dc5e82feed39ad7397a61a60b4b457ceaf446493e6dFreeBSD Security Advisory FreeBSD-SA-00:47 - The pine4 port, versions 4.21 and before, contained a bug which would cause the program to crash when processing a folder which contains an email message with a malformed X-Keywords header. The message itself could be deleted within pine if identified, but other operations such as closing the folder with the message still present would cause the program to crash with no apparent cause.
fef7796ba9f4008ae05e32e357e31610d2560144adcb1cfbe8ecff674325874cFreeBSD Security Advisory SA-00:45 - esound port allows file permissions to be modified. EsounD is a component of the GNOME desktop environment which is responsible for multiplexing access to audio devices. The esound port, versions 0.2.19 and earlier, creates a world-writable directory in /tmp owned by the user running the EsounD session, which is used for the storage of a unix domain socket. A race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This can give the attacker access to the victim's account, or lead to a system compromise if esound is run by root.
09a1768462579f3e6581ae9bbc3d3331249397ca2da3537c18b79471fb7e0de7FreeBSD Security Advisory FreeBSD-SA-00:43 - The brouted port is incorrectly installed setgid kmem, and contains several exploitable buffer overflows in command-line arguments. An attacker exploiting these to gain kmem privilege can easily upgrade to full root access by manipulating kernel memory
11e91750b070a2da94c3d5310490bb38f633a7be33705f3f6dee2e94d8eca474FreebSD Security Advisory FreeBSD-SA-00:42 - The linux binary-compatability module implements a "shadow" filesystem hierarchy rooted in /compat/linux, which is overlayed against the regular filesystem hierarchy so that Linux binaries "see" files in the shadow hierarchy which can mask the native files. Filenames in this shadow hierarchy are treated incorrectly by the linux kernel module under certain circumstances, and a kernel stack overflow leading to a system compromise by an unprivileged user may be possible when very long filenames are used. ~
17e4a4ac716ec87e9f9ec1303ae1ee1e09d2c29f571974e1f8d434cb3024a5d1FreeBSD Security Advisory FreeBSD-SA-00:41 - The ELF image activator did not perform sufficient sanity checks on the ELF image header, and when confronted with an invalid or truncated header it suffered a sign overflow bug which caused the CPU to enter into a very long loop in the kernel. The system will appear to lock up for an extended period of time before control returns. This bug is exploitable by unprivileged local users
8b84f4395969831a9355a1550f9b432dd8dda128b1a0bf5df10f135e44dd85efFreeBSD Security Advisory FreeBSD-SA-00:40 - The mopd port contains several remotely exploitable vulnerabilities. An attacker exploiting these can execute arbitrary code on the local machine as root.
1361bf9e9ae11924e134e948f9e29eb35f02b08131b525421e6fb66cb839c30eFreeBSD Security Advisory FreeBSD-SA-00:39 - the issue involve two security problems involving netscape. A client-side exploit may be possible through a buffer overflow in JPEG-handling code and The Java Virtual Machine implementation has security vulnerabilities allowing a remote user to read the contents of local files accessible to the user running netscape, and to allow these files to be transmitted to any user on the internet.
dbd5f1922da156eff88cd8217ccfd27f3113cec30671c4be81e4fd7da29d55bcFreeBSD Security Advisory FreeBSD-SA-00:38 - The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.
2c7946820d2ce844168c150997ecaac13fffc19e1a17ce6a21cbf3fb2673e66fFreeBSD Security Advisory FreeBSD-SA-00:37 - The cvsweb port, versions prior to 1.86, contains a vulnerability which allows users with commit access to a CVS repository monitored by cvsweb to execute arbitrary code as the user running the cvsweb.cgi script, which may be located on another machine where the committer has no direct access.
09f40debfcad1cf3bc4043b2e8953260477c781d053e3f643b9e71c1db46c228FreeBSD Security Advisory FreeBSD-SA-00:36 - The ntop software is written in a very insecure style, with many potentially exploitable buffer overflows (including several demonstrated ones) which could in certain conditions allow the local or remote user to execute arbitrary code on the local system with increased privileges.
7c0acd2703b07ca2be23cdd13d8a4ddc0d3ffedbcef8d1fe088ffb25c5bec951FreeBSD Security Advisory FreeBSD-SA-00:35 - The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability which allows FTP users, both anonymous FTP users and those with a valid account, to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
76f84091c90af96f01cf6608f849ae0a2517b33712ed0dccad709b014fd49f84FreeBSD Security Advisory FreeBSD-SA-00:34 - ISC-DHCP is an implementation of the DHCP protocol containing client and server. FreeBSD 3.2 and above includes the version 2 client by default in the base system, and the version 2 and version 3 clients and servers in the Ports Collection. The dhclient utility (DHCP client), versions 2.0pl2 and before (for the version 2.x series), and versions 3.0b1pl16 and before (for the version 3.x series) does not correctly validate input from the server, allowing a malicious DHCP server to execute arbitrary commands as root on the client. DHCP may be enabled if your system was initially configured from a DHCP server at install-time, or if you have specifically enabled it after installation. FreeBSD 4.1 is not affected by this problem since it contains the 2.0pl3 client.
731b4459394d525653b202ac1f9670f2fd6318ef0126d6b65c986f45ff803366FreeBSD Security Advisory FreeBSD-SA-00:23 - There are several bugs in the processing of IP options in the FreeBSD IP stack, which fail to correctly bounds-check arguments and contain other coding errors leading to the possibility of data corruption and a kernel panic upon reception of certain invalid IP packets. Patch included.
3052d0a143c61fc8a86ab5e3ab43f9d0ab18e5978918a4144eb90891788886b7FreeBSD-SA-00:33 - Vulnerabilities in the MIT Kerberos 5 port were the subject of an earlier FreeBSD Security Advisory (SA-00:20). At the time it was believed that the implementation of Kerberos distributed with FreeBSD was not vulnerable to these problems, but it was later discovered that FreeBSD 3.x contained an older version of KTH Kerberos 4 which is in fact vulnerable to at least some of these vulnerabilities. FreeBSD 4.0-RELEASE and later are unaffected by this problem, although FreeBSD 3.5-RELEASE is vulnerable.
e072d2724cad65ec47ada96c741fce598aee03be503ae532586cff6b6b3f76b4FreeBSD-SA-00:26 - The popper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local user which can cause arbitrary code to be executed on the server when a POP client retrieves the message using the UIDL command. The code is executed as the user who is retrieving mail: thus if root reads email via POP3 this can lead to a root compromise.
7805e554d84ca0867143ca1acddfa28152891c433df64b183b257ce27d1b467aFreeBSD-SA-00:31 - The Canna server, which is not installed by default, contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'.
a5c72623b3c311e90c72f4b47d9722fac689db56ba5ef144be25900514208d35FreeBSD-SA-00:29 - The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability which allows remote anonymous FTP users to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
bd79217c21c14fb58f503398bbd1738af72e6d6b50c3fa9c2bc3c38460cad46eFreeBSD-SA-00:32 - The bitchx client incorrectly parses string-formatting operators included as part of channel invitation messages sent by remote IRC users. This can cause the local client to crash, and may possibly present the ability to execute arbitrary code as the local user.
e7981774cffd17fc53074acbfb424642e5071b74f399e53d90d11f29736a246fFreeBSD-SA-00:30 - OpenSSH UseLogin directive permits remote root access. OpenSSH has a configuration option, not enabled by default ("UseLogin") which fails to drop privileges when it executes commands, meaning that remote users without root access can execute commands on the local system as root.
cb82b177655948ab3564d4e7aec566508e4686e4196abfb36f05bd8ab77f7c7d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed