| /// File Name: |
FreeBSD-SA-00:37.cvsweb |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:37 - The cvsweb port, versions prior to 1.86, contains a vulnerability which allows users with commit access to a CVS repository monitored by cvsweb to execute arbitrary code as the user running the cvsweb.cgi script, which may be located on another machine where the committer has no direct access.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4534 | | Last Modified: | Aug 15 05:27:58 2000 |
| MD5 Checksum: | 369c22ebc44262a4748f2deccfdcc767 |
|
| /// File Name: |
FreeBSD-SA-00:38.zope |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:38 - The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3731 | | Last Modified: | Aug 15 05:29:19 2000 |
| MD5 Checksum: | 632b3e9319db03059f8ddd19d0a5711b |
|
| /// File Name: |
FreeBSD-SA-00:39 |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:39 - The issue involves two security problems in netscape. A client-side exploit may be possible through a buffer overflow in JPEG-handling code, and the Java Virtual Machine implementation has security vulnerabilities allowing a remote user to read the contents of local files accessible to the user running netscape, and allowing these files to be transmitted to any user on the internet.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4556 | | Last Modified: | Aug 28 23:21:34 2000 |
| MD5 Checksum: | 9a6fd817154d3a71cd447c72c0f2f85f |
|
| /// File Name: |
FreeBSD-SA-00:40 |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:40 - The mopd port contains several remotely exploitable vulnerabilities. An attacker exploiting these can execute arbitrary code on the local machine as root.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3741 | | Last Modified: | Aug 28 23:25:56 2000 |
| MD5 Checksum: | a597170531b61bc224267a66ee679ba6 |
|
| /// File Name: |
FreeBSD-SA-00:41 |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:41 - The ELF image activator did not perform sufficient sanity checks on the ELF image header, and when confronted with an invalid or truncated header it suffered a sign overflow bug which caused the CPU to enter a very long loop in the kernel. The system will appear to lock up for an extended period of time before control returns. This bug is exploitable by unprivileged local users.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5175 | | Last Modified: | Aug 28 23:30:09 2000 |
| MD5 Checksum: | 02549a3282dbc5c7bbe1ea2d23ae272f |
|
| /// File Name: |
FreeBSD-SA-00:42 |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:42 - The linux binary-compatibility module implements a "shadow" filesystem hierarchy rooted in /compat/linux, which is overlaid against the regular filesystem hierarchy so that Linux binaries "see" files in the shadow hierarchy which can mask the native files. Filenames in this shadow hierarchy are treated incorrectly by the linux kernel module under certain circumstances, and a kernel stack overflow leading to a system compromise by an unprivileged user may be possible when very long filenames are used.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 6470 | | Last Modified: | Aug 28 23:53:40 2000 |
| MD5 Checksum: | 95bd1c70fc53119659146bf82588b081 |
|
| /// File Name: |
FreeBSD-SA-00:43 |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:43 - The brouted port is incorrectly installed setgid kmem, and contains several exploitable buffer overflows in command-line arguments. An attacker exploiting these to gain kmem privilege can easily upgrade to full root access by manipulating kernel memory.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3806 | | Last Modified: | Aug 28 23:58:47 2000 |
| MD5 Checksum: | a3411e0d9a13f39f570aa9b03f3f8921 |
|
| /// File Name: |
FreeBSD-SA-00:44.xlockmore |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:44 - The xlockmore port, versions 4.17 and below, installs the setuid root binary xlock, which contains a vulnerability due to incorrect use of the syslog() function. The xlock program correctly drops root privileges prior to the point of vulnerability, however it may retain in memory part of the hashed password database for the user accounts on the system. Attackers who can retrieve hashed password information from the memory space of the process can mount attacks against the user account passwords and possibly gain access to accounts on the system if successful.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3969 | | Last Modified: | Sep 15 03:16:12 2000 |
| MD5 Checksum: | 3686546aaf47ba4acc5953a980da41ab |
|
| /// File Name: |
FreeBSD-SA-00:45 |
Description:
|
FreeBSD Security Advisory SA-00:45 - esound port allows file permissions to be modified. EsounD is a component of the GNOME desktop environment which is responsible for multiplexing access to audio devices. The esound port, versions 0.2.19 and earlier, creates a world-writable directory in /tmp owned by the user running the EsounD session, which is used for the storage of a unix domain socket. A race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This can give the attacker access to the victim's account, or lead to a system compromise if esound is run by root.
| | Homepage: | http://www.freebsd.org | | File Size: | 4124 | | Last Modified: | Sep 1 03:29:54 2000 |
| MD5 Checksum: | 8d7fca84918b728d0f1974a5b01cf1f6 |
|
| /// File Name: |
FreeBSD-SA-00:46.screen |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:46 - The screen port, versions 3.9.5 and before, contains a vulnerability which allows local users to gain root privileges. This is accomplished by inserting string-formatting operators into configuration parameters, which may allow arbitrary code to be executed.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4537 | | Last Modified: | Sep 21 00:36:06 2000 |
| MD5 Checksum: | 3e6fb0fa74230e1a9e0f9a91ed381752 |
|
| /// File Name: |
FreeBSD-SA-00:47.pine |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:47 - The pine4 port, versions 4.21 and before, contained a bug which would cause the program to crash when processing a folder which contains an email message with a malformed X-Keywords header. The message itself could be deleted within pine if identified, but other operations such as closing the folder with the message still present would cause the program to crash with no apparent cause.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4326 | | Last Modified: | Sep 14 00:48:33 2000 |
| MD5 Checksum: | 7f1152a7dca9e542570ffdc0b188d1cf |
|
| /// File Name: |
FreeBSD-SA-00:48.xchat |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:48 - The xchat IRC client provides the ability to launch URLs displayed in an IRC window in a web browser by right clicking on the URL. However this was handled incorrectly in versions prior to 1.4.3, and prior to 1.5.7 in the 1.5 development series, and allowed a malicious IRC user to embed command strings in a URL which could cause an arbitrary command to be executed as the local user if the URL were to be "launched" in a browser as described above.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3761 | | Last Modified: | Sep 14 00:50:09 2000 |
| MD5 Checksum: | 3ad77f884b1369f7b70ef91411225a9b |
|
| /// File Name: |
FreeBSD-SA-00:49.eject |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:49 - The eject port is installed setuid root, and contains several exploitable buffers which can be overflowed by local users, yielding root privileges.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3650 | | Last Modified: | Sep 14 00:51:50 2000 |
| MD5 Checksum: | 96b6dae72ab2fe3a285d136a511a5265 |
|
| /// File Name: |
FreeBSD-SA-00:50.listmanager |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:50 - The listmanager port, versions prior to 2.105.1, contained several locally exploitable buffer overflow vulnerabilities which could be used to gain root privileges.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3828 | | Last Modified: | Sep 14 00:53:01 2000 |
| MD5 Checksum: | 8baa672b22f359e3f99b54e1734a2a27 |
|
| /// File Name: |
FreeBSD-SA-00:51.mailman |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:51 - The mailman port, versions prior to 2.0b5, contained several locally exploitable vulnerabilities which could be used to gain root privileges.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3421 | | Last Modified: | Sep 14 00:54:00 2000 |
| MD5 Checksum: | 10c180bc0db33c1a2f9f402a313f456f |
|
| /// File Name: |
FreeBSD-SA-00:52.tcp |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:52 - FreeBSD has a predictable initial sequence number and is vulnerable to a TCP sequence number prediction attack. Programs which rely solely on IP address authentication such as rsh/rlogin and lpr are potentially exploitable.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 11033 | | Last Modified: | Oct 7 05:41:08 2000 |
| MD5 Checksum: | b0dd561c02346f67c258b4c16394a0bb |
|
| /// File Name: |
FreeBSD-SA-00:53.catopen |
Description:
|
FreeBSD Security Advisory - catopen() may pose security risk for third party code. The catopen() function did not correctly bounds-check an internal buffer which could be indirectly overflowed by the setting of an environment variable. A privileged application which uses catopen() could be made to execute arbitrary code by an unprivileged local user. The catopen() and setlocale() functions could be made to use an arbitrary file as the source for localized data and message catalogs, instead of one of the system files. An attacker could create a file which is a valid locale file or message catalog but which contains special formatting characters which may allow certain badly written privileged applications to be exploited and execute arbitrary code as the privileged user. Patches are available.
| | Homepage: | http://www.freebsd.org | | File Size: | 11469 | | Last Modified: | Sep 28 22:33:50 2000 |
| MD5 Checksum: | a4f4123f6bfe2f751878485999f13024 |
|
| /// File Name: |
FreeBSD-SA-00:54.fingerd |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:54 - Shortly before the release of FreeBSD 4.1.1, code was added to finger(1) intended to allow the utility to send the contents of administrator-specified files in response to a finger request. However the code incorrectly allowed users to specify a filename directly, the contents of which would be returned to the user.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 5240 | | Last Modified: | Oct 15 20:31:43 2000 |
| MD5 Checksum: | 7431849a15ead61f2f7214d61d6f9e97 |
|
| /// File Name: |
FreeBSD-SA-00:55.xpdf |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:55 - The xpdf port, a PDF viewer for X, contains a race condition which allows local users to overwrite arbitrary files as the user running xpdf. Additionally no shell metacharacter checking is done when visiting URLs.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4057 | | Last Modified: | Oct 15 20:34:38 2000 |
| MD5 Checksum: | 91850965055515bbc3ea2fbc11dc172f |
|
| /// File Name: |
FreeBSD-SA-00:56.lprng |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:56 - The LPRng port, versions prior to 3.6.24, contains a vulnerability in syslog() which allows remote and local root compromise.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3745 | | Last Modified: | Oct 15 20:43:54 2000 |
| MD5 Checksum: | c387831aa8d27504228aab3db76546a5 |
|
| /// File Name: |
FreeBSD-SA-00:57.muh |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:57 - The muh port, an IRC bouncer, versions 2.05c and below contains a vulnerability which allows remote users to gain the privileges of the user running muh. This is accomplished by sending a carefully crafted exploit string containing string format operators to a user using muh but who is not connected. When the user reconnects and executes '/muh read', muh will allow the remote attacker to execute arbitrary code as the local user.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 3909 | | Last Modified: | Oct 15 21:05:06 2000 |
| MD5 Checksum: | 710c922d3f65b56d4e94495eab24f2ed |
|
| /// File Name: |
FreeBSD-SA-00:58.passwd |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:58 - Passwd, chfn, chpass, chsh, ypchfn, ypchpass, and ypchsh are suid root utilities for changing account information. Format string buffer overflow vulnerabilities have been found in code shared by these commands which allow local users to obtain root access.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4004 | | Last Modified: | Oct 31 08:33:33 2000 |
| MD5 Checksum: | f205d022301f149cd7610ec955fdc991 |
|
| /// File Name: |
FreeBSD-SA-00:59.pine |
Description:
|
FreeBSD Security Advisory - The pine4 port, versions 4.21 and before, contains a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by sending a specially crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4266 | | Last Modified: | Oct 31 08:41:35 2000 |
| MD5 Checksum: | 5863963316b7c02276c9cae2c0ee630b |
|
| /// File Name: |
FreeBSD-SA-00:60.boa |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:60 - The boa port, versions after 0.92 but prior to 0.94.8.3, contains a vulnerability which allows remote users to view arbitrary files outside the document root, because it did not correctly restrict URL-encoded requests containing ".." in the path. In addition, if CGI support is enabled, a request for any file ending in .cgi will result in the file being executed with the privileges of the user id running the web server, allowing untrusted binary execution.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4213 | | Last Modified: | Oct 31 08:53:20 2000 |
| MD5 Checksum: | 00ea3bdd3b34ba4f6137a3d8831839bc |
|
| /// File Name: |
FreeBSD-SA-00:61.tcpdump |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-00:61 - Several overflowable buffers were discovered in the version of tcpdump included in FreeBSD, including one in the decoding of AFS ACL packets in the more recent version of tcpdump (v 3.5) which allows a remote attacker to execute arbitrary code on the local system as root.
| | Homepage: | http://www.freebsd.org/security | | File Size: | 4353 | | Last Modified: | Nov 7 06:26:56 2000 |
| MD5 Checksum: | 52932ef1727c595062d61e641ebe30bc |
|