Section: .. / advisories / freebsd /
| /// File Name: |
FreeBSD-SA-01:07.xfree86 |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:07 - The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple vulnerabilities that may allow local or remote users to cause a denial of service attack against a vulnerable X server. Additionally, local users can often obtain elevated privileges. A malformed packet to TCP port 6000 causes the X server to freeze for several minutes. Due to various coding flaws in libX11, privileged programs linked against libX11 allow local users to obtain privileged access. In addition, any application using libICE to listen on a network port can be crashed due to inadequate bounds checking in libICE.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 6465 | | Last Modified: | Feb 1 01:44:56 2001 |
| MD5 Checksum: | 00cd49abff2b6a4bdf775d92d318191d |
|
| /// File Name: |
FreeBSD-SA-01:08.ipfw |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:08 - A vulnerability in ipfw and ip6fw allows bypassing of firewalls which make use of the 'established' qualifier, such as "allow tcp from any to any established". Due to overloading of the TCP reserved flags field, ipfw incorrectly treats all TCP packets with the ECE flag set as being part of an established TCP connection, which will therefore match a corresponding ipfw rule containing the 'established' qualifier, even if the packet is not part of an established connection. The ECE flag is part of an experimental extension to TCP. At least one other major operating system will emit TCP packets with the ECE flag set under certain operating conditions. All released versions of FreeBSD prior to the correction date including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 6922 | | Last Modified: | Feb 12 04:07:03 2001 |
| MD5 Checksum: | f4eb00e56e7849cc7ce25e59538b4166 |
|
| /// File Name: |
FreeBSD-SA-01:09.crontab |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:09 - Crontab contains a vulnerability which allows local users to read any file on the system which conforms to a valid cron syntax. This allows other users crontab files to be read, in addition to any file which has every line commented out.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3442 | | Last Modified: | Jan 26 08:16:53 2001 |
| MD5 Checksum: | c4ad7feb6bba40a4c3f596bfb09652f0 |
|
| /// File Name: |
FreeBSD-SA-01:10.bind |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:10 - A vulnerability exists with the bind nameserver prior to v8.2.3-REL which allows remote attackers to execute arbitrary code as root.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4586 | | Last Modified: | Feb 12 04:04:44 2001 |
| MD5 Checksum: | 5155a78ab04fbc9669e9710bf77c29b2 |
|
| /// File Name: |
FreeBSD-SA-01:11.inetd |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:11 - The ident server included with FreeBSD inetd contains a vulnerability which allows remote users to read the first 16 bytes of files which are accessible by group wheel. The inetd internal ident server is not enabled by default - if you have not enabled the ident portion of inetd, you are not vulnerable.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3929 | | Last Modified: | Feb 12 04:07:30 2001 |
| MD5 Checksum: | d8e006208ec79428de3fd3055a9c2280 |
|
| /// File Name: |
FreeBSD-SA-01:12.periodic |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:12 - Periodic, a program to run periodic system functions, uses tempfiles insecurely. This allows a malicious local user to cause arbitrary files on the system to be corrupted. In a default state, periodic is normally called by cron for daily, weekly, and monthly maintenance. Because these scripts run as root, an attacker may potentially corrupt any file on the system.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 2924 | | Last Modified: | Feb 1 00:47:07 2001 |
| MD5 Checksum: | 539d23e99ad484d40720942653845a83 |
|
| /// File Name: |
FreeBSD-SA-01:13.sort |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:13 - Sort(1), a program to sort text, can be caused to stop working by local users if they guess the next tempfile name it will attempt to use. This failure mode could be used to hide the reporting of malicious activity which would otherwise be detected by a management script.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3332 | | Last Modified: | Feb 1 00:49:58 2001 |
| MD5 Checksum: | a42baf7bf6a720df835b125ba7327955 |
|
| /// File Name: |
FreeBSD-SA-01:14.micq |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:14 - The micq port, versions prior to 0.4.6.1, contains a remote vulnerability: due to a buffer overflow, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system with the privileges of the micq process.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3737 | | Last Modified: | Feb 1 01:46:29 2001 |
| MD5 Checksum: | 80b14bb792b0f28d7de89dbd80818eb1 |
|
| /// File Name: |
FreeBSD-SA-01:15.tinyproxy |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:15 - The tinyproxy port, versions prior to 1.3.3a, contains remote vulnerabilities: due to a heap overflow, malicious remote users can cause arbitrary code to be executed as the user running tinyproxy.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3633 | | Last Modified: | Feb 1 01:47:36 2001 |
| MD5 Checksum: | 77b21498d6a7813c74b86046e787d2cf |
|
| /// File Name: |
FreeBSD-SA-01:16.mysql |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:16 - The mysql323-server port, versions prior to 3.23.22, and all mysql322-server ports contain remote vulnerabilities. Due to a buffer overflow, a malicious remote user can access to all databases and have the ability to leverage other local attacks as the mysqld user.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4339 | | Last Modified: | Feb 1 01:49:18 2001 |
| MD5 Checksum: | 2d1285973a3e43c402f9c0272c2f2d5f |
|
| /// File Name: |
FreeBSD-SA-01:17.exmh2 |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:17 - The exmh2 port, versions prior to 2.3.1, contains a local temp file vulnerability at startup.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4001 | | Last Modified: | Feb 1 01:50:59 2001 |
| MD5 Checksum: | a9faebebaef977c6020f28b19c735bfd |
|
| /// File Name: |
FreeBSD-SA-01:18.bind |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:18 - An overflowable buffer related to the processing of transaction signatures (TSIG) exists in all versions of BIND prior to 8.2.3-RELEASE. The vulnerability is exploitable regardless of configuration options and affects both recursive and non-recursive DNS servers.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 9485 | | Last Modified: | Feb 1 01:53:58 2001 |
| MD5 Checksum: | a4e3c7a0035789341f555949942c636e |
|
| /// File Name: |
FreeBSD-SA-01:19.ja-xklock |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:19 - The ja-xklock port, versions 2.7.1 and earlier, contains an exploitable buffer overflow. Because the xklock program is also setuid root, unprivileged local users may gain root privileges on the local system.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 2671 | | Last Modified: | Feb 12 04:10:15 2001 |
| MD5 Checksum: | ff6040fb443c98edc814f2427d49db47 |
|
| /// File Name: |
FreeBSD-SA-01:20.mars_nwe |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:20 - The mars_nwe port, versions prior to 0.99.b19_1, contains a remote format string vulnerability. Because of this vulnerability, a malicious remote user sending specially-crafted packets may be able to execute arbitrary code on the local system, gaining root access.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4048 | | Last Modified: | Feb 12 04:14:55 2001 |
| MD5 Checksum: | 61253820dc5acd762dbca186595952d0 |
|
| /// File Name: |
FreeBSD-SA-01:21.ja-elvis |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:21 - The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4415 | | Last Modified: | Feb 12 04:17:11 2001 |
| MD5 Checksum: | 68f456f494bb526ce9563ae482002eea |
|
| /// File Name: |
FreeBSD-SA-01:22.dc20ctrl |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:22 - The dc20ctrl port, versions prior to 0.4_1, contains a locally exploitable buffer overflow. Because the dc20ctrl program is also setgid dialer, unprivileged local users may gain gid dialer on the local system. This may allow the users to gain unauthorized access to the serial port devices.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4198 | | Last Modified: | Feb 12 04:19:30 2001 |
| MD5 Checksum: | 6bc1b49462b8556170a81e7cef7db5f1 |
|
| /// File Name: |
FreeBSD-SA-01:23.icecast |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:23 - The icecast port, versions prior to 1.3.7_1, contains multiple format string vulnerabilities, which allow a remote attacker to execute arbitrary code as the user running icecast, usually the root user.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3827 | | Last Modified: | Mar 16 02:35:16 2001 |
| MD5 Checksum: | 49782dde2f7496fcd56b54e2724b1ade |
|
| /// File Name: |
FreeBSD-SA-01:24.ssh |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:24 - OpenSSH prior to v2.3.0p1 contains remote vulnerabilities.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 10524 | | Last Modified: | Feb 14 08:24:10 2001 |
| MD5 Checksum: | d2a7ccb95086e582faf599061c21806f |
|
| /// File Name: |
FreeBSD-SA-01:25.kerberosIV |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:25 - Systems which have installed the optional Kerberos IV distribution are vulnerable to attacks via the telnet daemon due to an overflow in the libkrb KerberosIV authentication library and improper filtering of environmental variables by the KerberosIV-adapted telnet daemon.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5407 | | Last Modified: | Feb 16 02:23:36 2001 |
| MD5 Checksum: | 12e298711b3565cf86c2c893dd40ff8c |
|
| /// File Name: |
FreeBSD-SA-01:26.interbase |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:26 - The interbase port has a hard coded backdoor which has full read and write access to databases stored on the server, and also gives the ability to write to arbitrary files on the server as the user running the interbase server (usually user root). Remote attackers may connect to the database on TCP port 3050.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3658 | | Last Modified: | Mar 16 02:36:41 2001 |
| MD5 Checksum: | 1757f4c716432f5a102856a2e81db743 |
|
| /// File Name: |
FreeBSD-SA-01:27.cfengine |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:27 - The cfengine port, versions prior to 1.6.1, contained several format string vulnerabilities which allow a remote attacker to execute arbitrary code on the local system as the user running cfengine, usually user root.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3936 | | Last Modified: | Mar 16 02:39:42 2001 |
| MD5 Checksum: | e4dba87acf45fc7dc236b41d82793082 |
|
| /// File Name: |
FreeBSD-SA-01:28.timed |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:28 - Malformed packets sent to the timed daemon on UDP port 525 could cause it to crash, thereby denying service to clients.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3647 | | Last Modified: | Mar 16 02:41:44 2001 |
| MD5 Checksum: | 966eb434860dcea9e93ca3134e57b93f |
|
| /// File Name: |
FreeBSD-SA-01:29.rwhod |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:29.rwhod - Malformed packets sent to the rwhod daemon via UDP port 513 could cause it to crash, thereby denying service to clients.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3449 | | Last Modified: | Mar 16 02:43:04 2001 |
| MD5 Checksum: | 7b5cba14d4fddfbbcd57118866a9f05a |
|
| /// File Name: |
FreeBSD-SA-01:30.ufs-ext2fs |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:30.ufs-ext2fs - A bug in the UFS filesystem allows users to obtain access to areas of the filesystem containing data from deleted files. The filesystem code is supposed to ensure that all filesystem blocks are zeroed before becoming available to user processes, but in a certain specific case this zeroing does not occur, and unzeroed blocks are passed to the user with their previous contents intact. Thus, if the block contains data which used to be part of a file or directory to which the user did not have access, the operation results in unauthorized access of data.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3394 | | Last Modified: | Mar 27 01:48:05 2001 |
| MD5 Checksum: | f493d4622ae7dc321d22468b5d4abc7e |
|
| /// File Name: |
FreeBSD-SA-01:31.ntpd |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-01:31.ntpd - An overflowable buffer exists in the ntpd daemon related to the building of a response for a query with a large readvar argument. Due to insufficient bounds checking, a remote attacker may be able to cause arbitrary code to be executed as the user running the ntpd daemon, usually root. All versions of FreeBSD prior to the correction date, including FreeBSD 3.5.1 and 4.2, and versions of the ntpd port prior to ntp-4.0.99k_2 contain this problem.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5600 | | Last Modified: | Apr 15 17:12:37 2001 |
| MD5 Checksum: | d864a26e6213f1b5aaec55118c817579 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
