FreeBSD Security Advisory: Multiple problems in crypto(3) [revised]
cf24f2e129bca457df67226f2da481a6cd4cd412bc1dd50076f6b090a5725090
FreeBSD Security Advisory: Multiple problems in crypto(3)
0187927fa4f8bfa1d2e8ed32a2b55c51090ed0b77f08caa6a6f2abc617a0afaf
FreeBSD Security Advisory - BIND 9 suffers from multiple denial of service vulnerabilities.
d4a8c901fd917c2e9269ec036040d861d50d033a2fcb23dda2d2938f8e43b448
FreeBSD Security Advisory - When verifying a PKCS#1 version 1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes.
b12a2d894db6fb7f3b6c529ad1fe3cac50460ba14815fe9a015f3369107f278f
FreeBSD Security Advisory - While processing Link Control Protocol (LCP) configuration options received from the remote host, ppp fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer.
1a505aa71e5062892602bad3342291e7924f5588a8db8ea6bfbcdaa4e12a0f6d
FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs: smbfs does not properly sanitize paths containing a backslash character; in particular the directory name '..\' is interpreted as the parent directory by the SMB/CIFS server, but smbfs handles it in the same manner as any other directory.
06d243f685293bae40f0260e0f5a4d6049010f7d1de0bccef6ae22041257bd2f
FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv: There are two documented methods of restricting access to NIS maps through ypserv(8): through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets" access restrictions to be inadvertently disabled.
b939e4d3fddcf9d8f92200b7d05ca27d0a18ae5290b3350ca3d19fac28829a29
FreeBSD Security Advisory FreeBSD-SA-06:14.fpu - FPU information disclosure: On affected processors, a local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.
7a90ad481bb181822f4882bcd4d2e967f8919ef69c8cce7ee8b546a06c7dd4b9
FreeBSD-SA-06:13.sendmail - A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root.
a91ef9dc623f5dd7661ec2d7d573f0c4dd33cb89772efd81f6e9c2126ba5f627
FreeBSD-SA-06:12.opie - The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unpriviled user to configure OPIE authentication for the root user.
b8dfcfe244434389f0f712b62834e4493fac0d0f1ef27d66baf50780b738dc15
FreeBSD-SA-06:11.ipsec - An attacker able to to intercept IPSec packets can replay them. If higher level protocols which do not provide any protection against packet replays (e.g., UDP) are used, this may have a variety of effects.
cd1b96393a9af7c1a0e233745283261ae1a557fc3a12d765fbfe2e36128ea12b
FreeBSD-SA-06:07.pf - IP fragment handling panic in pf(4)
9cad705f66791abb1914cb7c4d59843f645a367a3c38014622cf3fcd703c2065
FreeBSD-SA-06:06.kmem - Local kernel memory disclosure.
fb76aefec08eb82b18ac140a8e8ca53cd6ad94e846b92bcf459f4446fbd59fd9
FreeBSD-SA-06:05.80211 - An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer.
c7e92da25652f196a0c236de3b89e2bc5b35fabba4031b08e7c6f82cba7d1af8
FreeBSD Security Advisory FreeBSD-SA-05-20.cvsbug - A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file.
42359b765b65baccde1ce2c51098dbada23fc98d9631451d3ea628c76795611b
The SIOCGIFCONF ioctl, used to request the kernel to produce a list of interfaces, can be exploited to reveal 12 bytes of memory. It is not at all guaranteed that this memory will contain anything interesting.
046e16080325dae021493dffedc9e3fe620cdd65df9f6250a4fd4ff3ce4aaef7
OpenSSL below v0.9.7c contain remotely exploitable vulnerabilities. More information available here.
ea9866c77f76bacc238efbeb4e59592d6677f7874ecdf583c67cebfceb8fa68c
FreeBSD Security Advisory FreeBSD-SA-03:07 - A second remotely exploitable overflow was found in Sendmail header parsing. Upgrade to 8.12.9 to fix the vulnerability. Patch available here.
2020462d2c424be84d00d47dab2a8fee098fe1f39416fb76eb439652f8902a06
FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail - ISS has identified a buffer overflow that may occur during header parsing in all versions of sendmail after version 5.79 through v8.12.7. Patch available here.
e0d20c1c42885c4e88ae0958325f7a669850164090a536ce78986cb7cdcc4514
FreeBSD Security Advisory FreeBSD-SA-03:02 Version 1.1 - OpenSSL v0.9.6h and below contains a timing-based vulnerability in CBC ciphersuites in SSL and TLS which can recover fixed plaintext blocks, like a password.
7634649866247240fdacffa5096769ff57f23a2bb2ad63558ba33b0f1213c8db
FreeBSD Security Advisory FreeBSD-SA-03:03 - The FreeBSD syncookie implementation uses keys that are only 32 bits in length, allowing remote attackers to recover the ISN, which can be valid for up to four seconds, allowing ACL's to be bypassed and TCP connections forged. syncookies may be disabled using the 'net.inet.tcp.syncookies' sysctl(8) by running the following command as root: "sysctl net.inet.tcp.syncookies=0".
f1a19443f25751c44cb233a1222d580467975bb2b27cfee7560380c7d12c6f71
FreeBSD Security Advisory FreeBSD-SA-03:01 - It has been found that the CVS server can be tricked to free memory more then once, which can be used for remote code execution. Additionally, the CVS server allowed clients with write access to specify arbitrary commands to execute as part of an update (update-prog) or commit (checkin-prog). This behavior has been restricted. This affects all FreeBSD versions prior to 4.6-RELEASE-p7, 4.7-RELEASE-p4 and 5.0-RELEASE-p1.
04676dcda11f1a243bf6290503b701850ff6c455eef9399e03ed4dc95e392be6
FreeBSD Security Advisory FreeBSD-SA-02:44 - FreeBSD 4.3 and later is vulnerable to a local denial service attack due to a bug in the fpathconf system call which crashes the system by repeatedly calling fpathconf on a file descriptor until the reference count wraps to a negative value, then closing the file descriptor. See Pine-cert-20030101.txt for more information.
aacf0c83903b87562681466b20bcaa250cf0fb40cfd75e49cd68e3de7dbd5952
FreeBSD Security Advisory FreeBSD-SA-02:43.bind - BIND 8 has two vulnerabilities. The BIND SIG Cached RR overflow allows a remote attacker to force a server with recursion enabled to execute arbitrary code with the privileges of the name server process. The BIND OPT DoS and BIND SIG Expiry Time DoS may cause a remote name server to crash.
c6ffc36a671f6f5c4df06000d02ae9e77bad3e00ca4d79496cd912a7b2c3ff54
FreeBSD Security Advisory FreeBSD-SA-02:41 - The sendmail Restricted Shell command (smrsh) contains errors in the handling of command arguments with "||" or spaces which allow the execution of commands outside of those in its target directory. Since command arguments may be specified in local users' .forward' files, the smrsh restrictions may be bypassed using such files that are specially crafted.
6f435e71ca899851ba23f0f5dac3c950a42b07a1bbd6700c4fab2e2199250a74