FreeBSD Security Advisory FreeBSD-SA-01:34 - The hylafax port, versions prior to hylafax-4.1.b2_2, contains a format string bug in the hfaxd program. A local user may execute the hfaxd program with command-line arguments containing format string characters, gaining root privileges on the local system.
36f4e44196ff626f346ead7a6cccca5bFreeBSD Security Advisory FreeBSD-SA-01:33 - The glob() function contains buffer overflows that are exploitable through the FTP daemon. If a directory with a name of a certain length is present, a remote user specifying a pathname using globbing characters may cause arbitrary code to be executed on the FTP server as user running ftpd, usually root. Additionally, when given a path containing numerous globbing characters, the glob() functions may consume significant system resources when expanding the path. This can be controlled by setting user limits via /etc/login.conf and setting limits on globbing expansion.
a453b49a4b62f9680a258521bb5f9eb1FreeBSD Security Advisory FreeBSD-SA-01:32.ipfilter - When matching a packet fragment, insufficient checks were performed to ensure the fragment is valid. In addition, the fragment cache is checked before any rules are checked. Even if all fragments are blocked with a rule, fragment cache entries can be created by packets that match currently held state information. Because of these discrepancies, certain packets may bypass filtering rules. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, contain this problem.
2c3f0fdd3246c06da4aca3af30fb026fFreeBSD Security Advisory FreeBSD-SA-01:31.ntpd - An overflowable buffer exists in the ntpd daemon related to the building of a response for a query with a large readvar argument. Due to insufficient bounds checking, a remote attacker may be able to cause arbitrary code to be executed as the user running the ntpd daemon, usually root. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, and versions of the ntpd port prior to ntp-4.0.99k_2 contain this problem.
d864a26e6213f1b5aaec55118c817579FreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs - A bug in the UFS filesystem allows users to obtain access to areas of the filesystem containing data from deleted files. The filesystem code is supposed to ensure that all filesystem blocks are zeroed before becoming available to user processes, but in a certain specific case this zeroing does not occur, and unzeroed blocks are passed to the user with their previous contents intact. Thus, if the block contains data which used to be part of a file or directory to which the user did not have access, the operation results in unauthorized access of data.
f493d4622ae7dc321d22468b5d4abc7eFreeBSD Security Advisory FreeBSD-SA-01:29.rwhod - Malformed packets sent to the rwhod daemon via UDP port 513 could cause it to crash, thereby denying service to clients.
7b5cba14d4fddfbbcd57118866a9f05aFreeBSD Security Advisory FreeBSD-SA-01:28 - Malformed packets sent to the timed daemon on UDP port 525 could cause it to crash, thereby denying service to clients.
966eb434860dcea9e93ca3134e57b93fFreeBSD Security Advisory FreeBSD-SA-01:27 - The cfengine port, versions prior to 1.6.1, contained several format string vulnerabilities which allow a remote attacker to execute arbitrary code on the local system as the user running cfengine, usually user root.
e4dba87acf45fc7dc236b41d82793082FreeBSD Security Advisory FreeBSD-SA-01:26 - The interbase port has a hard coded backdoor which has full read and write access to databases stored on the server, and also gives the ability to write to arbitrary files on the server as the user running the interbase server (usually user root). Remote attackers may connect to the database on TCP port 3050.
1757f4c716432f5a102856a2e81db743FreeBSD Security Advisory FreeBSD-SA-01:23 - The icecast port, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.
49782dde2f7496fcd56b54e2724b1adeFreeBSD Security Advisory FreeBSD-SA-01:25 - Systems which have installed the optional Kerberos IV distribution are vulnerable to attacks via the telnet daemon due to an overflow in the libkrb KerberosIV authentication library and improper filtering of environmental variables by the KerberosIV-adapted telnet daemon.
12e298711b3565cf86c2c893dd40ff8cFreeBSD Security Advisory FreeBSD-SA-01:24 - OpenSSH prior to v2.3.0p1 contains remote vulnerabilities.
d2a7ccb95086e582faf599061c21806fFreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
6bc1b49462b8556170a81e7cef7db5f1FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.
68f456f494bb526ce9563ae482002eeaFreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.
61253820dc5acd762dbca186595952d0FreeBSD Security Advisory FreeBSD-SA-01:19 - The ja-xklock port, versions 2.7.1 and earlier, contains an exploitable buffer overflow. Because the xklock program is also setuid root, unprivileged local users may gain root privileges on the local system.
ff6040fb443c98edc814f2427d49db47FreeBSD Security Advisory FreeBSD-SA-01:11 - The ident server included with FreeBSD inetd contains a vulnerability which allows remote users to read the first 16 bytes of files which are accessible by group wheel. The inetd internal ident server is not enabled by default - if you have not enabled the ident portion of inetd, you are not vulnerable.
d8e006208ec79428de3fd3055a9c2280FreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
f4eb00e56e7849cc7ce25e59538b4166FreeBSD Security Advisory FreeBSD-SA-01:10 - A vulnerability exists with the bind nameserver prior to v8.2.3-REL which allows remote attackers to execute arbitrary code as root.
5155a78ab04fbc9669e9710bf77c29b2FreeBSD Security Advisory FreeBSD-SA-01:18 - An overflowable buffer related to the processing of transaction signatures (TSIG) exists in all versions of BIND prior to 8.2.3-RELEASE. The vulnerability is exploitable regardless of configuration options and affects both recursive and non-recursive DNS servers.
a4e3c7a0035789341f555949942c636eFreeBSD Security Advisory FreeBSD-SA-01:17 - The exmh2 port, versions prior to 2.3.1, contains a local temp file vulnerability at startup.
a9faebebaef977c6020f28b19c735bfdFreeBSD Security Advisory FreeBSD-SA-01:16 - The mysql323-server port, versions prior to 3.23.22, and all mysql322-server ports contain remote vulnerabilities. Due to a buffer overflow, a malicious remote user can access to all databases and have the ability to leverage other local attacks as the mysqld user.
2d1285973a3e43c402f9c0272c2f2d5fFreeBSD Security Advisory FreeBSD-SA-01:15 - The tinyproxy port, versions prior to 1.3.3a, contains remote vulnerabilities: due to a heap overflow, malicious remote users can cause arbitrary code to be executed as the user running tinyproxy.
77b21498d6a7813c74b86046e787d2cfFreeBSD Security Advisory FreeBSD-SA-01:14 - The micq port, versions prior to 0.4.6.1, contains a remote vulnerability: due to a buffer overflow, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system with the privileges of the micq process.
80b14bb792b0f28d7de89dbd80818eb1FreeBSD Security Advisory FreeBSD-SA-01:07 - The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple vulnerabilities that may allow local or remote users to cause a denial of service attack against a vulnerable X server. Additionally, local users can often obtain elevated privileges. A malformed packet to TCP port 6000 causes the X server to freeze for several minutes. Due to various coding flaws in libX11, privileged programs linked against libX11 allow local users to obtain privileged access. In addition, any application using libICE to listen on a network port can be crashed due to inadequate bounds checking in libICE.
00cd49abff2b6a4bdf775d92d318191d
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed