Section: .. / advisories / freebsd /
| /// File Name: |
FreeBSD-SA-02:16.netscape |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:16 - Versions 4.76 and earlier of the Netscape browser will execute JavaScript contained in gif and jpeg comment blocks, allowing a hostile web server to see what is in your cache.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5205 | | Last Modified: | Mar 13 06:00:26 2002 |
| MD5 Checksum: | 099754ac73a348de45bf9561b2616eca |
|
| /// File Name: |
FreeBSD-SA-02:17.mod_frontpage |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:17 - The mod_frontpage port prior to version mod_portname-1.6.1 contains several remotely exploitable buffer overflows in the fpexec wrapper, which is installed setuid root.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3740 | | Last Modified: | Mar 13 06:02:45 2002 |
| MD5 Checksum: | 8729fe12c9ec1ed3d1f04ea9e7d09932 |
|
| /// File Name: |
FreeBSD-SA-02:18.zlib |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:18 - A programming error in zlib may cause segments of dynamically allocated memory to be released more than once (double-freed), allowing attackers to send specially crafted data to applications that use zlib, crashing the application.
| | Homepage: | http://www.freebsd.org | | File Size: | 6676 | | Last Modified: | Apr 25 09:14:36 2002 |
| MD5 Checksum: | f9a566d99804698e4e9e3c6101ca7f87 |
|
| /// File Name: |
FreeBSD-SA-02:19.squid |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:19 - The squid port prior to version 2.4_9 contains a heap overflow in the DNS processing which can be triggered by a DNS server.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3862 | | Last Modified: | Mar 28 05:09:46 2002 |
| MD5 Checksum: | 56fcd18f6322f43091a3af1f0136dc48 |
|
| /// File Name: |
FreeBSD-SA-02:20.syncookies |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:20 - Two denial of service vulnerabilities were found in the syn cookie implementation in FreeBSD. When a SYN was accepted via a syncookie, it used an uninitialized pointer to find the TCP options for the new socket. This pointer may be a null pointer, which will cause the machine to crash. In addition, restarting applications using syn cookie protected sockets can cause a reference to an old inpcb pointer, crashing the system.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4133 | | Last Modified: | Apr 17 09:20:26 2002 |
| MD5 Checksum: | 8dddb28aff356332abf8704f7f92d0e2 |
|
| /// File Name: |
FreeBSD-SA-02:21.tcpip |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:21 - A bug in the FreeBSD kernel's TCP/IP stack's processing of ICMP echo replies can be exploited to create new routing table entries which are never deallocated, using all available memory.
| | Homepage: | http://www.freebsd.org | | File Size: | 4059 | | Last Modified: | Apr 23 07:27:01 2002 |
| MD5 Checksum: | d9a7b78b37e909ba385c74c0d64bb9c3 |
|
| /// File Name: |
FreeBSD-SA-02:22.mmap |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:22 - Local users can cause the FreeBSD system to crash due to a bug in the virtual memory management system involving a failure to check for the existence of a VM object during page invalidation. This bug could be triggered by calling msync(2) on an anonymous, asynchronous memory map (i.e. created using the mmap flags MAP_ANON and MAP_NOSYNC) which had not been accessed previously, causing the system to crash.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3009 | | Last Modified: | Apr 25 08:18:53 2002 |
| MD5 Checksum: | 60895e0707038d7543f12cf88b6df18c |
|
| /// File Name: |
FreeBSD-SA-02:23.stdio |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:23 - Setuid or setgid applications can be used for privilege elevation due to insecure handling of stdio file descriptors on FreeBSD releases up to and including 4.5-RELEASE. It is known that the `keyinit' set-user-id program is exploitable using this method. This vulnerability was discovered by Joost Pol.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5003 | | Last Modified: | Apr 25 03:43:04 2002 |
| MD5 Checksum: | af9b03df14e62e8c4b9fdf23ef6b6305 |
|
| /// File Name: |
FreeBSD-SA-02:26.accept |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:26 - FreeBSD kernels compiled with accept() filters are vulnerable to a denial of service condition.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5251 | | Last Modified: | May 30 07:32:04 2002 |
| MD5 Checksum: | 10d481747322bc519f14546021875827 |
|
| /// File Name: |
FreeBSD-SA-02:27.rc |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:27 - The FreeBSD rc scripts allow users may remove the contents of arbitrary directories if the /tmp/.X11-unix directory does not already exist and the system can be enticed to reboot.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3763 | | Last Modified: | May 30 07:34:02 2002 |
| MD5 Checksum: | 2ea504c46f51e35cc51cbbbcfa9e745b |
|
| /// File Name: |
FreeBSD-SA-02:28.resolv |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:28 - The resolver code in libc contains remotely exploitable buffer overflows which can be triggered by specially crafted DNS replies. Since practically all Internet applications utilize the resolver, the severity of this issue is high.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4595 | | Last Modified: | Jun 29 19:35:37 2002 |
| MD5 Checksum: | 19dd23dd6b5d844483b485b09bc3f81a |
|
| /// File Name: |
FreeBSD-SA-02:29.tcpdump |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:29 - A buffer overflow has been found tcpdump v3.7.1 and below which can be triggered through specially crafted NFS packets. Since tcpdump typically runs with root privileges, exploitation of this vulnerability can be used to remotely execute code on systems that are affected.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 3088 | | Last Modified: | Jul 15 02:37:51 2002 |
| MD5 Checksum: | e95d61dc21165070e874976c0276d45f |
|
| /// File Name: |
FreeBSD-SA-02:30.ktrace |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:30 - It is possible for normal users to trace processes from setuid / setgid programs that dropped their privileges, leading to the disclosure of sensitive information obtained by the process from before the privileges where dropped. All releases prior to and including 4.6-RELEASE are affected.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 3435 | | Last Modified: | Jul 15 02:36:19 2002 |
| MD5 Checksum: | d75b878ba51d4721122a2d4fc9d508f6 |
|
| /// File Name: |
FreeBSD-SA-02:31.openssh |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:31 - OpenSSH included with FreeBSD-CURRENT between 2002-03-18 and 2002-06-25 has a remote root vulnerability because ChallengeResponseAuthentication is turned on by default.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 2640 | | Last Modified: | Jul 17 06:29:37 2002 |
| MD5 Checksum: | 45359575af2b8438e6489cffeb7fd6d4 |
|
| /// File Name: |
FreeBSD-SA-02:32.pppd |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:32 - The pppd program shipped with all releases of FreeBSD up to and including 4.6.1-RELEASE-p1 contains a race condition which can be exploited by local users to change the permissions of any file.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4264 | | Last Modified: | Aug 1 20:03:45 2002 |
| MD5 Checksum: | fafb4b1e3f054b1759834dcd4c512dd5 |
|
| /// File Name: |
FreeBSD-SA-02:33.openssl |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:33 - The OpenSSL libraries contain multiple buffer overflows, including errors in the handling of the client master key in the SSL2 protocol implementation; the handling of the session ID in the SSL3 protocol; and in the handling of buffers used for representing integers in ASCII on 64-bit platforms, and overflows in the handling of ASN.1.
| | Homepage: | http://www.freebsd.org | | File Size: | 140466 | | Last Modified: | Aug 6 08:00:15 2002 |
| MD5 Checksum: | f81475956d0b953a689b06020712ffd2 |
|
| /// File Name: |
FreeBSD-SA-02:34.rpc |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:34 - All releases of FreeBSD up to and including 4.6.1-RELEASE-p5 contain an error in the the calculation of memory needed for unpacking arrays in the SunRPC XDR decoder results in a remotely exploitable heap overflow. Many rpc services are vulnerable, including NFS, the NIS server, rpc.statd and more.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4950 | | Last Modified: | Aug 1 20:25:47 2002 |
| MD5 Checksum: | b1e72a2ea5675a95c1324a04c3acf407 |
|
| /// File Name: |
FreeBSD-SA-02:35.ffs |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:35 - FFS, the default FreeBSD filesystem has an overflow in the maximum permitted FFS file size which allows users to create files that are larger than FreeBSD's virtual memory system can handle. The integer overflows that result when such files are accessed can map filesystem metadata into the user file, permitting access to arbitrary filesystem blocks. The bug is encountered only on FFS filesystems with a block size of 16k or greater on the i386 architecture, or 32k or greater on the alpha architecture.
| | Homepage: | http://www.freebsd.org | | File Size: | 5498 | | Last Modified: | Aug 6 08:03:09 2002 |
| MD5 Checksum: | ab3dbf13df753d41c31c26c3cae4cfae |
|
| /// File Name: |
FreeBSD-SA-02:36.nfs |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:36 - A denial of service vulnerability has been discovered in FreeBSD NFS. A part of the NFS server code charged with handling incoming RPC messages had an error which, when the server received a message with a zero-length payload, would cause it to reference the payload from the previous message, creating a loop in the message chain. This would later cause an infinite loop in a different part of the NFS server code which tried to traverse the chain.
| | Homepage: | http://www.freebsd.org | | File Size: | 3888 | | Last Modified: | Aug 6 08:04:45 2002 |
| MD5 Checksum: | 6073dea31e45eb3a874042e3dbd1aebc |
|
| /// File Name: |
FreeBSD-SA-02:37.kqueue |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:37 - Local users can cause a kernel panic using the kqueue system. If a pipe was created with the pipe(2) system call, and one end of the pipe was closed, registering an EVFILT_WRITE filter on the other end would cause a kernel panic.
| | Homepage: | http://www.freebsd.org | | File Size: | 3373 | | Last Modified: | Aug 6 08:06:05 2002 |
| MD5 Checksum: | 850959a290a0e6dfa2392b1f4ac94044 |
|
| /// File Name: |
FreeBSD-SA-02:38.signed-error |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:38 - Several FreeBSD system calls can be called with large negative arguments, causing the kernel to return a large portion of kernel memory. Such memory often contains sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. Terminal buffers often include user entered passwords.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4227 | | Last Modified: | Aug 20 08:41:19 2002 |
| MD5 Checksum: | 8f1b399750ad1732b5f59c91357c32e9 |
|
| /// File Name: |
FreeBSD-SA-02:39.libkvm |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:39 - The kvm(3) library, which provides a uniform interface for accessing kernel virtual memory images, leaves open file descriptors to /dev/mem and /dev/kmem, allowing other processes to read kernel memory and disclose sensitive information. Affected applications include asmon, ascpu, bubblemon, wmmon, and wmnet2.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5156 | | Last Modified: | Sep 17 14:19:53 2002 |
| MD5 Checksum: | 3f11fcc475cb8268565f7245f8213f95 |
|
| /// File Name: |
FreeBSD-SA-02:40.kadmind |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:40 - The Kerberos administrative servers, kadmind and k5admind contain stack overflows that allow remote code execution as root from non-authenticated attackers. According to the MIT security team, there is evidence that this bug is being actively exploited.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 7901 | | Last Modified: | Nov 13 09:30:32 2002 |
| MD5 Checksum: | af0135f35ca1b09af7acfeb50a9bd61c |
|
| /// File Name: |
FreeBSD-SA-02:41.smrsh |
Description:
|
The sendmail restricted shell command, smrsh, has handling errors that will allow for command arguments with || or spaces to execute commands outside of its target directory. This shell was originally intended to replace /bin/sh to limit built-in shell commands being used via sendmail.
| | Homepage: | http://www.freebsd.org | | File Size: | 4704 | | Last Modified: | Nov 17 06:10:53 2002 |
| MD5 Checksum: | 56bc24cb1514d9e5c1f70e9ad3458284 |
|
| /// File Name: |
FreeBSD-SA-02:42.resolv |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-02:42 - Several libc functions --- including getaddrinfo(), gethostbyname(), getnetbyname(), and others --- utilize the DNS resolver functions res_search, res_query, and/or res_send which contain buffer overflow vulnerabilities which allow remote denial of service attacks against many applications.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4975 | | Last Modified: | Nov 13 09:42:55 2002 |
| MD5 Checksum: | 2790c8a66ed70f9a318481e64bc1e712 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
