.:[ packet storm ]:.
                               
plan for the worst

 Section:  .. / advisories / freebsd  /


 ///  File Name: FreeBSD-SA-01:68.xsane
Description:
FreeBSD Security Advisory FreeBSD-SA-01:68 - The XSane port has insecure temp file vulnerabilities allowing local users to overwrite files by exploiting a race condition.
Homepage:http://www.freebsd.org/security
File Size:4351
Last Modified:Dec 18 06:26:58 2001
MD5 Checksum:b0f9ada2ed840a9a9450d48283d459a7

 ///  File Name: FreeBSD-SA-01_41.hanterm
Description:
FreeBSD Security Advisory FreeBSD-SA-01:41 - The hanterm binary is installed with setuid root permissions, but contains insecure code which allows unprivileged local users to obtain root access on the local system.
Homepage:http://www.freebsd.org/security
File Size:3842
Last Modified:Aug 11 08:13:33 2001
MD5 Checksum:faba6140ec7ce2713e95656d73a11730

 ///  File Name: FreeBSD-SA-01_42.signal.v1.1.asc
Description:
FreeBSD Security Advisory FreeBSD-SA-01:42 - A flaw exists in FreeBSD signal handler clearing that would allow for some signal handlers to remain in effect after the exec. Most of the signals were cleared, but some signal handlers were not. This allowed an attacker to execute arbitrary code in the context of a setuid binary. All versions of 4.x prior to the correction date, including 4.3-RELEASE, are vulnerable to this problem.
Homepage:http://www.freebsd.org/security
File Size:4604
Last Modified:Aug 11 08:15:37 2001
MD5 Checksum:4da3fdfef63b51cc780ceb4cef6054ca

 ///  File Name: FreeBSD-SA-01_43.fetchmail
Description:
FreeBSD Security Advisory FreeBSD-SA-01:43 - The fetchmail port, versions prior to fetchmail-5.8.6, contains a potentially exploitable buffer overflow when rewriting headers longer than 512 bytes. This problem may allow remote users to cause fetchmail to crash and potentially execute arbitrary code as the user running fetchmail.
Homepage:http://www.freebsd.org/security
File Size:3287
Last Modified:Aug 11 10:47:09 2001
MD5 Checksum:47cc58956152252004ed982602ba618a

 ///  File Name: FreeBSD-SA-01_44.gnupg
Description:
FreeBSD Security Advisory FreeBSD-SA-01:44 - The gnupg port, versions prior to gnupg-1.0.6, contains a format string vulnerability. If gnupg attempts to decrypt a file whose filename does not end in '.gpg', the filename is copied to the prompt string, allowing a user-supplied format string. This may allow a malicious user to cause arbitrary code to be executed as the user running gnupg.
Homepage:http://www.freebsd.org/security
File Size:3308
Last Modified:Aug 11 10:48:41 2001
MD5 Checksum:68ece65d26ef0b4d9edbdf4b9550b512

 ///  File Name: FreeBSD-SA-01_45.samba
Description:
FreeBSD Security Advisory FreeBSD-SA-01:45 - The samba ports, versions prior to samba-2.0.10, samba-devel-2.2.0a, and ja-samba-2.0.9.j1.0_1, fail to properly validate NetBIOS names. By sending a specially crafted NetBIOS name containing unix path characters, a remote user may be able to cause the samba server to write the log files to arbitrary locations on the local filesystems.
Homepage:http://www.freebsd.org/security
File Size:4291
Last Modified:Aug 11 10:50:12 2001
MD5 Checksum:1e2742b83fabe7fcb3f3b8695342c429

 ///  File Name: FreeBSD-SA-01_46.w3m
Description:
FreeBSD Security Advisory FreeBSD-SA-01:46 - The w3m port, versions prior to w3m-0.2.1_1, contains a buffer overflow in the parsing of MIME headers. A malicious server which is visited by a user with the w3m browser can exploit the browser security holes in order to execute arbitrary code on the local machine as the local user.
Homepage:http://www.freebsd.org/security
File Size:3432
Last Modified:Aug 11 10:51:45 2001
MD5 Checksum:c7130aa80cbed9e1dafac7c145e5a78c

 ///  File Name: FreeBSD-SA-01_47.xinetd
Description:
FreeBSD Security Advisory FreeBSD-SA-01:47 - The xinetd port, versions prior to xinetd-2.3.0, contains a potentially exploitable buffer overflow in the logging routines. If xinetd is configured to log the userid of remote clients obtained via the RFC1413 ident service, a remote user may be able to cause xinetd to crash by returning a specially-crafted ident response. This may also potentially execute arbitrary code as the user running xinetd, normally root.
Homepage:http://www.freebsd.org/security
File Size:3613
Last Modified:Aug 11 10:53:19 2001
MD5 Checksum:bd04640e39c1ed7270b7729a372acbec

 ///  File Name: FreeBSD-SA-01_48.tcpdump
Description:
FreeBSD Security Advisory FreeBSD-SA-01:48 - An overflowable buffer was found in the version of tcpdump included with FreeBSD 4.x. Due to incorrect string length handling in the decoding of AFS RPC packets, a remote user may be able to overflow a buffer causing the local tcpdump process to crash. In addition, it may be possible to execute arbitrary code with the privileges of the user running tcpdump, often root.
Homepage:http://www.freebsd.org/security
File Size:4628
Last Modified:Aug 11 10:55:23 2001
MD5 Checksum:737aacf656253e40460951a6a5274418

 ///  File Name: FreeBSD-SA-01_49.telnetd.v1.1
Description:
FreeBSD Security Advisory FreeBSD-SA-01:49 - An overflowable buffer was found in the version of telnetd included with FreeBSD. Due to incorrect bounds checking of data buffered for output to the remote client, an attacker can cause the telnetd process to overflow the buffer and crash, or execute arbitrary code as the user running telnetd, usually root. A valid user account and password are not required to exploit this vulnerability, only the ability to connect to a telnetd server. The telnetd service is enabled by default on all FreeBSD installations if the 'high' security setting is not selected at install-time. This vulnerability is known to be exploitable, and is being actively exploited in the wild. All released versions of FreeBSD prior to the correction date, including 3.5.1-RELEASE and 4.3-RELEASE, are vulnerable to this problem.
Homepage:http://www.freebsd.org/security
File Size:9141
Last Modified:Aug 11 10:58:09 2001
MD5 Checksum:1b9952cdc0a2a21e3dc59744061ddd98

 ///  File Name: FreeBSD-SA-01_50.windowmaker
Description:
FreeBSD Security Advisory FreeBSD-SA-01:50 - The windowmaker ports, versions prior to windowmaker-0.65.0_2 and windowmaker-i18n-0.65.0_1, contain a potentially exploitable buffer overflow when displaying a very long window title in the window list menu. Since programs such as web browsers will include the contents of a webpage's title tag in window titles, this problem may allow authors of malicious webpages to cause windowmaker to crash and potentially execute arbitrary code as the user running windowmaker.
Homepage:http://www.freebsd.org/security
File Size:3767
Last Modified:Aug 11 11:01:47 2001
MD5 Checksum:2af8ce4e621e62b8612a2c714d77cb41

 ///  File Name: FreeBSD-SA-01_52.fragment
Description:
FreeBSD Security Advisory FreeBSD-SA-01:52 - Remote users may be able to prevent a FreeBSD system from communicating with other systems on the network by transmitting large numbers of fragmented IPv4 datagrams. For the attack to be effective, the attacker must have a high-bandwidth connection to the target system. IP datagram fragments destined to the target system will be queued for 30 seconds, to allow fragmented datagrams to be reassembled. There was no upper limit on the number of reassembly queues. Therefore, a malicious party may be able to transmit a lot of bogus fragmented datagrams (with different IPv4 identification fields) and cause the target system to exhaust its mbuf pool, preventing further network traffic processing or generation while the starvation condition continues.
Homepage:http://www.freebsd.org/security
File Size:7204
Last Modified:Aug 11 11:05:24 2001
MD5 Checksum:19f7d5279c35e7d48521319f37def0e3

 ///  File Name: FreeBSD-SA-02:01.pkg_add
Description:
FreeBSD Security Advisory FreeBSD-SA-02:01 - Pkg_add allows local attackers to modify the package contents and potentially elevate privileges or otherwise compromise the system.
Homepage:http://www.freebsd.org/security
File Size:4150
Last Modified:Jan 11 06:04:23 2002
MD5 Checksum:8c47552cc1bc260be26ebcefc5aca401

 ///  File Name: FreeBSD-SA-02:02.pw
Description:
FreeBSD Security Advisory FreeBSD-SA-02:02 - When creating, removing, or modifying system users, the pw utility modifies the system password file `/etc/master.passwd'. This file contains the users' encrypted passwords and is normally only readable by root. During the modification, a temporary copy of the file is created. However, this temporary file is mistakenly created with permissions that allow it to be read by any user. A race condition is created.
Homepage:http://www.freebsd.org/security
File Size:3907
Last Modified:Jan 8 07:27:04 2002
MD5 Checksum:17ba2012de0e3fd6cc0c8941f017d085

 ///  File Name: FreeBSD-SA-02:03.mod_auth_pgsq
Description:
FreeBSD Security Advisory FreeBSD-SA-02:03 - The mod_auth_pgsql port, versions prior to mod_auth_pgsql-0.9.9, contains a vulnerability that may allow a remote user to cause arbitrary SQL code to be executed. mod_auth_pgsql constructs a SQL statement to be executed by the PostgreSQL server in order to look up user information. The username given by the remote user is inserted into the SQL statement without any quoting or other safety checks.
Homepage:http://www.freebsd.org/security
File Size:4182
Last Modified:Jan 8 07:28:05 2002
MD5 Checksum:87cc1c8e36c4f927313ce7af08cd8e10

 ///  File Name: FreeBSD-SA-02:04.mutt
Description:
FreeBSD Security Advisory FreeBSD-SA-02:04 - The mutt ports, versions prior to mutt-1.2.25_1 and mutt-devel-1.3.24_2, contain a buffer overflow in the handling of email addresses in headers.
Homepage:http://www.freebsd.org/security
File Size:4533
Last Modified:Jan 8 07:47:53 2002
MD5 Checksum:d09bbb8901217ededbbef00dce9d236d

 ///  File Name: FreeBSD-SA-02:05.pine
Description:
FreeBSD Security Advisory FreeBSD-SA-02:05 - The pine port, versions previous to pine-4.40, handles URLs in messages insecurely. PINE allows users to launch a web browser to visit a URL embedded in a message. Due to a programming error, PINE does not properly escape meta-characters in the URL before passing it to the command shell as an argument to the web browser.
Homepage:http://www.freebsd.org/security
File Size:5521
Last Modified:Jan 11 07:18:46 2002
MD5 Checksum:8b8ab8367a586b71c4575f237d8b0141

 ///  File Name: FreeBSD-SA-02:06.sudo
Description:
FreeBSD Security Advisory FreeBSD-SA-02:06 - The sudo port prior to sudo-1.6.4.1 contains a local root vulnerability. If a user who has not been authorized by the system administrator (listed in the `sudoers' file) attempts to use sudo, sudo will send an email alert. When it does so, it invokes the system mailer with superuser privileges, and with most of the user's environment intact.
Homepage:http://www.freebsd.org/security
File Size:3996
Last Modified:Jan 17 07:32:27 2002
MD5 Checksum:7f294ea7b1a6a0173d80f56c6a973e86

 ///  File Name: FreeBSD-SA-02:07.k5su
Description:
FreeBSD Security Advisory FreeBSD-SA-02:07 - The k5su command included with FreeBSD, versions prior to 4.5-RELEASE, and the su command included in the heimdal port, versions prior to heimdal-0.4e_2, use the getlogin system call in order to determine whether the currently logged-in user is `root'. In some circumstances, it is possible for a non-privileged process to have `root' as the login name returned by getlogin. You don't actually want that to happen, trust us.
Homepage:http://www.freebsd.org/security
File Size:6838
Last Modified:Jan 19 06:02:51 2002
MD5 Checksum:208b22a679028eed6a4f847a57e20216

 ///  File Name: FreeBSD-SA-02:08.exec
Description:
FreeBSD Security Advisory FreeBSD-SA-02:08 - A race condition during exec allows local root compromise. A race condition exists in the FreeBSD exec system call implementation. It is possible for a user to attach a debugger to a process while it is exec'ing, but before the kernel has determined that the process is set-user-ID or set-group-ID. All versions of FreeBSD 4.x prior to FreeBSD 4.5-RELEASE are vulnerable to this problem. The problem has been corrected by marking processes that have started.
Homepage:http://www.freebsd.org/security
File Size:8502
Last Modified:Jan 25 08:29:24 2002
MD5 Checksum:d01d62114dbd97adf1fd167c813cd187

 ///  File Name: FreeBSD-SA-02:11.ucdsnmp
Description:
FreeBSD Security Advisory FreeBSD-SA-02:11 - ucd-snmp/net-snmp remotely exploitable vulnerabilities. The Net-SNMP (previously known as UCD-SNMP) package is a set of Simple Network Management Protocol tools, including an agent, library, and applications for generating and handling requests and traps. The Net-SNMP port, versions prior to 4.2.3, contains several remotely exploitable vulnerabilities which include SNMPv1 request and trap handling in both managers and agents.
Homepage:http://www.freebsd.org
File Size:5006
Last Modified:Feb 13 03:02:07 2002
MD5 Checksum:df2e21b42af8e16ccd0df289f6d5d525

 ///  File Name: FreeBSD-SA-02:12.squid
Description:
FreeBSD Security Advisory FreeBSD-SA-02:12 - The Squid port prior to 2.4-STABLE4 (port version 2.4_8) contains multiple vulnerabilities, one of which allows authenticated users to overflow buffers.
Homepage:http://www.freebsd.org/security
File Size:5448
Last Modified:Feb 22 08:25:42 2002
MD5 Checksum:7e7fe0843e24f2f4c28c19f9dfcc4aea

 ///  File Name: FreeBSD-SA-02:13.openssh
Description:
FreeBSD Security Advisory FreeBSD-SA-02:13 - OpenSSH v2.0 through v3.0.2p1 contains an exploitable off-by-one error which allows authenticated users to run code on the server as root. A malicious server may be able to cause a connecting ssh client to execute arbitrary code with the privileges of the client user.
Homepage:http://www.freebsd.org/security
File Size:8053
Last Modified:Mar 8 04:51:05 2002
MD5 Checksum:746cb37b1db4bf4ece58a21c0fb90970

 ///  File Name: FreeBSD-SA-02:14.pam-pgsql
Description:
FreeBSD Security Advisory FreeBSD-SA-02:14.pam-pgsql - The pam-pgsql port prior to v0.5.2 contains a vulnerability which allows remote users to cause arbitrary SQL code to be executed because the username and password given are inserted into a SQL statement with no safety checks.
Homepage:http://www.freebsd.org/security
File Size:4187
Last Modified:Mar 13 05:51:27 2002
MD5 Checksum:d799efbff811756eaeb6c76595102e41

 ///  File Name: FreeBSD-SA-02:15.cyrus-sasl
Description:
FreeBSD Security Advisory FreeBSD-SA-02:15 - The port of the cyrus-sasl library prior to v1.5.24_8 contains a format string overflow in the syslog() call. Applications linked to that library could be affected.
Homepage:http://www.freebsd.org/security
File Size:4205
Last Modified:Mar 13 05:56:18 2002
MD5 Checksum:470549b2b966b41f4e916916e7b2e42b