.:[ packet storm ]:.
                             
the one stop shop
the one stop shop

 Section:  .. / advisories / freebsd  /

Page 1 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 1 - 25 of 257
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: FreeBSD-SA-00:08.lynx
Description:
 FreeBSD Security Advisory SA-00:08 - lynx revised. Versions of the lynx software prior to version 2.8.3pre.5 were written in a very insecure style and contain numerous potential and several proven security vulnerabilities. A malicious server which is visited by a user with the lynx browser can exploit the browser security holes in order to execute arbitrary code as the local user. The Lynx development team conducted an audit of the source code, and have corrected the known vulnerabilities in lynx. As of lynx-2.8.3pre.5, we consider it safe enough to use again.
Homepage:http://www.freebsd.org
File Size:4150
Last Modified:May 18 11:51:05 2000
MD5 Checksum:9218016018e4595c71dab132a499dcf2

 ///  File Name: FreeBSD-SA-00:11.ircii
Description:
 FreeBSD Security Advisory - ircII port contains a remote overflow. ircII version 4.4 distributed with freebsd contained a remotely-exploitable buffer overflow in the /DCC CHAT command which allows remote users to execute arbitrary code as the client user.
Homepage:http://www.freebsd.org
File Size:3653
Last Modified:Apr 12 01:29:55 2000
MD5 Checksum:4a910a22b02cf1eda7375d8b9143969b

 ///  File Name: FreeBSD-SA-00:12.healthd
Description:
 FreeBSD Security Advisory - healthd allows a local root compromise. healthd v0.3 installs a utility which is setuid root in order to monitor the system status. This utility contains a trivial buffer overflow which allows an unprivileged local user to obtain root privileges on the system. healthd is part of the freebsd ports collection.
Homepage:http://www.freebsd.org
File Size:3147
Last Modified:Apr 12 01:31:33 2000
MD5 Checksum:4dbe1b0f094e95a89ef2c570d54c73bc

 ///  File Name: FreeBSD-SA-00:13.generic-nqs
Description:
 FreeBSD Security Advisory FreeBSD-SA-00:13 - generic-nqs v3.50.7 and earlier from the ports connection contains a local root compromise.
Homepage:http://www.freebsd.org
File Size:3352
Last Modified:Apr 20 00:34:44 2000
MD5 Checksum:fed344ca687999e3687be67c0f61f78c

 ///  File Name: FreeBSD-SA-00:14.imap-uw
Description:
 FreeBSD Security Advisory FreeBSD-SA-00:14 - imap-uw contains security vulnerabilities for "closed" mail servers. There are numerous buffer overflows available to an imap user after they have successfully logged into their mail account. Thus, the vulnerability is only relevant on a "closed" mail server, i.e. one which does not normally allow interactive logins by mail users.
Homepage:http://www.freebsd.org
File Size:4242
Last Modified:Apr 25 19:30:15 2000
MD5 Checksum:a4690203293f3e292bf0241444c792e8

 ///  File Name: FreeBSD-SA-00:15.imap-uw
Description:
 FreeBSD Security Advisory FreeBSD-SA-00:15 - The imap-uw port supplies a "libc-client" library which provides various functionality common to mail servers. The algorithm used for locking of mailbox files contains a weakness which allows an unprivileged local user to lock an arbitrary local mailbox.
Homepage:http://www.freebsd.org
File Size:3373
Last Modified:Apr 25 19:33:17 2000
MD5 Checksum:b16f4783d7a4c96ca780a1e05bd8f879

 ///  File Name: FreeBSD-SA-00:18.gnapster
Description:
 FreeBSD Security Advisory SA-00:18 - The gnapster port (version 1.3.8 and earlier), and the knapster port (version 0.9 and earlier) contain a vulnerability which allows remote napster users to view any file on the local system which is accessible to the user running gnapster/knapster.
Homepage:http://www.freebsd.org
File Size:4375
Last Modified:May 18 11:53:32 2000
MD5 Checksum:cad7637000608b796d833b69beb65902

 ///  File Name: FreeBSD-SA-00:19.semconfig
Description:
 FreeBSD-SA-00:19 - A bug in the BSD kernel allows local users to cause every process on the system to hang during exiting. An undocumented system call is incorrectly exported from the kernel without access-control checks, allowing for a denial of service attack. Kernel patch included for FreeBSD.
Homepage:http://www.freebsd.org
File Size:12277
Last Modified:May 26 22:52:16 2000
MD5 Checksum:d9f5e31eea5a0101d0a59f17b2845923

 ///  File Name: FreeBSD-SA-00:20.krb5
Description:
 FreeBSD-SA-00:20 - The MIT Kerberos 5 port version 1.1.1 and earlier contains remote and local root vulnerabilities. Note that the implementations of Kerberos shipped in the FreeBSD base system is not the MIT version and not vulnerable to these problems. However, a very old release of FreeBSD dating from 1997 (FreeBSD 2.2.5) did ship with a closely MIT-derived Kerberos implementation ("eBones") and may be vulnerable to attacks of the kind described here.
Homepage:http://www.freebsd.org
File Size:3827
Last Modified:May 26 22:59:12 2000
MD5 Checksum:8bb5db5d646af71dc8e63b725797f28e

 ///  File Name: FreeBSD-SA-00:21.apsfilter
Description:
 FreeBSD-SA-00:22 - The apsfilter port, versions 5.4.1 and below, contain a vulnerability which allow local users to execute arbitrary commands as the user running lpd, user root in a default FreeBSD installation.
Homepage:http://www.freebsd.org/security
File Size:3230
Last Modified:Jun 9 02:32:50 2000
MD5 Checksum:e004aaee1d3d95176d6686aad8ce410c

 ///  File Name: FreeBSD-SA-00:22.ssh
Description:
 FreeBSD-SA-00:22 - A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly configured the SSH daemon to listen on an additional network port, 722, in addition to the usual port 22. This may cause a violation of security policy if the additional port is not subjected to the same access-controls (e.g. firewallling) as the standard SSH port.
Homepage:http://www.freebsd.org/security
File Size:3822
Last Modified:Jun 9 02:35:20 2000
MD5 Checksum:ffa7946618207a5a3f5c3655832577a1

 ///  File Name: FreeBSD-SA-00:23.ip-options
Description:
 FreeBSD Security Advisory FreeBSD-SA-00:23 - There are several bugs in the processing of IP options in the FreeBSD IP stack, which fail to correctly bounds-check arguments and contain other coding errors leading to the possibility of data corruption and a kernel panic upon reception of certain invalid IP packets. Patch included.
Homepage:http://www.freebsd.org/security
File Size:5776
Last Modified:Jul 15 23:05:02 2000
MD5 Checksum:8ba6728a06798f7c786281201403b8b0

 ///  File Name: FreeBSD-SA-00:24.libedit
Description:
 FreeBSD-SA-00:24 - libedit incorrectly reads an ".editrc" file in the current directory if it exists, in order to specify configurable program behaviour. However it does not check for ownership of the file, so an attacker can cause a libedit application to execute arbitrary key rebindings and exercise terminal capabilities by creating an .editrc file in a directory from which another user executes a libedit binary (e.g. root running ftp(1) from /tmp). This can be used to fool the user into unknowingly executing program commands which may compromise system security. For example, ftp(1) includes the ability to escape to a shell and execute a command, which can be done under libedit control.
Homepage:http://www.freebsd.org/security
File Size:4841
Last Modified:Jul 6 03:19:22 2000
MD5 Checksum:304ce070eaf70205537d8549c27ca3da

 ///  File Name: FreeBSD-SA-00:25.random
Description:
 FreeBSD-SA-00:25 - The FreeBSD port to the Alpha platform did not provide the /dev/random or /dev/urandom devices. Some applications fail to correctly check for a working /dev/random and do not exit with an error if it is not available, so this weakness goes undetected. OpenSSL 0.9.4, and utilities based on it, including OpenSSH (both of which are included in the base FreeBSD 4.0 system) are affected in this manner.
Homepage:http://www.freebsd.org/security
File Size:4786
Last Modified:Jun 13 23:08:33 2000
MD5 Checksum:d1e54684337b5c06aa9f9f7b7f2d8322

 ///  File Name: FreeBSD-SA-00:26.popper
Description:
 FreeBSD-SA-00:26 - The popper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local user which can cause arbitrary code to be executed on the server when a POP client retrieves the message using the UIDL command. The code is executed as the user who is retrieving mail: thus if root reads email via POP3 this can lead to a root compromise.
Homepage:http://www.freebsd.org/security
File Size:4202
Last Modified:Jul 13 00:51:47 2000
MD5 Checksum:b0261aeb3ace81e12dcc09fd5286ec18

 ///  File Name: FreeBSD-SA-00:27.XFree86-4
Description:
 FreeBSD-SA-00:27 - XFree86 4.0 contains a local root vulnerability in the XFree86 server binary, due to incorrect bounds checking of command-line arguments. The server binary is setuid root, in contrast to previous versions which had a small setuid wrapper which performed (among other things) argument sanitizing.
Homepage:http://www.freebsd.org/security
File Size:4405
Last Modified:Jul 6 03:21:40 2000
MD5 Checksum:5150a2fda32981c2badd01d1938b9a78

 ///  File Name: FreeBSD-SA-00:28.majordomo
Description:
 FreeBSD-SA-00:28 - Majordomo is not safe to run on multi-user machines.
Homepage:http://www.freebsd.org/security
File Size:2846
Last Modified:Jul 6 04:05:18 2000
MD5 Checksum:e075f027e9794621e1493468252ebcd4

 ///  File Name: FreeBSD-SA-00:29.wu-ftpd
Description:
 FreeBSD-SA-00:29 - The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability which allows remote anonymous FTP users to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
Homepage:http://www.freebsd.org/security
File Size:3659
Last Modified:Jul 13 00:50:28 2000
MD5 Checksum:6ae2d585b83ab90f805bebe5987ce7ff

 ///  File Name: FreeBSD-SA-00:30.openssh
Description:
 FreeBSD-SA-00:30 - OpenSSH UseLogin directive permits remote root access. OpenSSH has a configuration option, not enabled by default ("UseLogin") which fails to drop privileges when it executes commands, meaning that remote users without root access can execute commands on the local system as root.
Homepage:http://www.freebsd.org/security
File Size:5015
Last Modified:Jul 6 04:11:39 2000
MD5 Checksum:8452c197ec9c671281eb81e67c1992e7

 ///  File Name: FreeBSD-SA-00:31.canna
Description:
 FreeBSD-SA-00:31 - The Canna server, which is not installed by default, contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'.
Homepage:http://www.freebsd.org/security
File Size:4098
Last Modified:Jul 13 00:50:50 2000
MD5 Checksum:e85cfbd11cbdc2826ee284b437ef426e

 ///  File Name: FreeBSD-SA-00:32.bitchx
Description:
 FreeBSD-SA-00:32 - The bitchx client incorrectly parses string-formatting operators included as part of channel invitation messages sent by remote IRC users. This can cause the local client to crash, and may possibly present the ability to execute arbitrary code as the local user.
Homepage:http://www.freebsd.org/security
File Size:3368
Last Modified:Jul 6 04:13:58 2000
MD5 Checksum:3a1d64945114279fc43666e7041765f4

 ///  File Name: FreeBSD-SA-00:33.kerberosIV
Description:
 FreeBSD-SA-00:33 - Vulnerabilities in the MIT Kerberos 5 port were the subject of an earlier FreeBSD Security Advisory (SA-00:20). At the time it was believed that the implementation of Kerberos distributed with FreeBSD was not vulnerable to these problems, but it was later discovered that FreeBSD 3.x contained an older version of KTH Kerberos 4 which is in fact vulnerable to at least some of these vulnerabilities. FreeBSD 4.0-RELEASE and later are unaffected by this problem, although FreeBSD 3.5-RELEASE is vulnerable.
Homepage:http://www.freebsd.org/security
File Size:4943
Last Modified:Jul 13 03:12:13 2000
MD5 Checksum:4ceea563c47ac6c7db6f9ac336a8d181

 ///  File Name: FreeBSD-SA-00:34.dhclient
Description:
 FreeBSD Security Advisory FreeBSD-SA-00:34 - ISC-DHCP is an implementation of the DHCP protocol containing client and server. FreeBSD 3.2 and above includes the version 2 client by default in the base system, and the version 2 and version 3 clients and servers in the Ports Collection. The dhclient utility (DHCP client), versions 2.0pl2 and before (for the version 2.x series), and versions 3.0b1pl16 and before (for the version 3.x series) does not correctly validate input from the server, allowing a malicious DHCP server to execute arbitrary commands as root on the client. DHCP may be enabled if your system was initially configured from a DHCP server at install-time, or if you have specifically enabled it after installation. FreeBSD 4.1 is not affected by this problem since it contains the 2.0pl3 client.
Homepage:http://www.freebsd.org/security
File Size:5061
Last Modified:Aug 15 05:22:29 2000
MD5 Checksum:f860bd11876270653acaea47e45d5367

 ///  File Name: FreeBSD-SA-00:35.proftpd
Description:
 FreeBSD Security Advisory FreeBSD-SA-00:35 - The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability which allows FTP users, both anonymous FTP users and those with a valid account, to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
Homepage:http://www.freebsd.org/security
File Size:4004
Last Modified:Aug 15 05:25:03 2000
MD5 Checksum:1fafc695df1bf3446f681406dc90b01d

 ///  File Name: FreeBSD-SA-00:36.ntop
Description:
 FreeBSD Security Advisory FreeBSD-SA-00:36 - The ntop software is written in a very insecure style, with many potentially exploitable buffer overflows (including several demonstrated ones) which could in certain conditions allow the local or remote user to execute arbitrary code on the local system with increased privileges.
Homepage:http://www.freebsd.org/security
File Size:6624
Last Modified:Aug 15 05:26:42 2000
MD5 Checksum:48d403c9f5188212026ee6f08d289224
 

 ///  Last 10 Files
  1. :· pacpoll-disclose.txt
  2. :· USN-682-1.txt
  3. :· USN-681-1.txt
  4. :· BMSA-2008-09.txt
  5. :· webhub-bypass.txt
  6. :· infinite-bypass.txt
  7. :· VA_VD_87_08_XRDP.pdf
  8. :· TKADV2008-013.txt
  9. :· sqlinj-insouts.txt
  10. :· bcoos1013-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· USN-682-1.txt
  2. :· USN-681-1.txt
  3. :· VA_VD_87_08_XRDP.pdf
  4. :· TKADV2008-013.txt
  5. :· dsa-1675-1.txt
  6. :· dsa-1674-1.txt
  7. :· dsa-1673-1.txt
  8. :· dsa-1672-1.txt
  9. :· USN-679-1.txt
  10. :· USN-680-1.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· pacpoll-disclose.txt
  2. :· BMSA-2008-09.txt
  3. :· webhub-bypass.txt
  4. :· infinite-bypass.txt
  5. :· bcoos1013-sql.txt
  6. :· preonline-cmsqlxss.txt
  7. :· preclass-sqlxss.txt
  8. :· aspportal-disclose.txt
  9. :· preshoppingmall-cmsqlxss.txt
  10. :· ezpoll-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· vncrush.txt
  2. :· rshatter.txt
  3. :· Exomind-v0.2.tar.gz
  4. :· clamav-0.94.2.tar.gz
  5. :· cadfile.zip
  6. :· anehta-v0.6.0fixed2.zip
  7. :· tagfuzz.txt
  8. :· BrowserRider.20081124.tar.bz2
  9. :· mp3nema-v0_2.tar.gz
  10. :· squid-nufw-helper-1.1.3.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· sqlinj-insouts.txt
  2. :· format-string-linux.txt
  3. :· frame-pointer-overwrite-linux.txt
  4. :· iptablesf.txt
  5. :· nufw-2.2.19.tar.gz
  6. :· frhack2009-cfp.txt
  7. :· oracle-forensics-scns.pdf
  8. :· cansecwest-2009.txt
  9. :· A5.1.zip
  10. :· a51-php.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice