.:[ packet storm ]:.
                             
beyond paranoid

 Section:  .. / advisories / freebsd  /


 ///  File Name: FreeBSD-SA-00:08.lynx
Description:
FreeBSD Security Advisory SA-00:08 - lynx revised. Versions of the lynx software prior to version 2.8.3pre.5 were written in a very insecure style and contain numerous potential and several proven security vulnerabilities. A malicious server which is visited by a user with the lynx browser can exploit the browser security holes in order to execute arbitrary code as the local user. The Lynx development team conducted an audit of the source code, and have corrected the known vulnerabilities in lynx. As of lynx-2.8.3pre.5, we consider it safe enough to use again.
Homepage:http://www.freebsd.org
File Size:4150
Last Modified:May 18 11:51:05 2000
MD5 Checksum:9218016018e4595c71dab132a499dcf2

 ///  File Name: FreeBSD-SA-00:11.ircii
Description:
FreeBSD Security Advisory - ircII port contains a remote overflow. ircII version 4.4 distributed with FreeBSD contained a remotely-exploitable buffer overflow in the /DCC CHAT command which allows remote users to execute arbitrary code as the client user.
Homepage:http://www.freebsd.org
File Size:3653
Last Modified:Apr 12 01:29:55 2000
MD5 Checksum:4a910a22b02cf1eda7375d8b9143969b

 ///  File Name: FreeBSD-SA-00:12.healthd
Description:
FreeBSD Security Advisory - healthd allows a local root compromise. healthd v0.3 installs a utility which is setuid root in order to monitor the system status. This utility contains a trivial buffer overflow which allows an unprivileged local user to obtain root privileges on the system. healthd is part of the FreeBSD Ports Collection.
Homepage:http://www.freebsd.org
File Size:3147
Last Modified:Apr 12 01:31:33 2000
MD5 Checksum:4dbe1b0f094e95a89ef2c570d54c73bc

 ///  File Name: FreeBSD-SA-00:13.generic-nqs
Description:
FreeBSD Security Advisory FreeBSD-SA-00:13 - generic-nqs v3.50.7 and earlier from the Ports Collection contains a local root compromise.
Homepage:http://www.freebsd.org
File Size:3352
Last Modified:Apr 20 00:34:44 2000
MD5 Checksum:fed344ca687999e3687be67c0f61f78c

 ///  File Name: FreeBSD-SA-00:14.imap-uw
Description:
FreeBSD Security Advisory FreeBSD-SA-00:14 - imap-uw contains security vulnerabilities for "closed" mail servers. There are numerous buffer overflows available to an imap user after they have successfully logged into their mail account. Thus, the vulnerability is only relevant on a "closed" mail server, i.e. one which does not normally allow interactive logins by mail users.
Homepage:http://www.freebsd.org
File Size:4242
Last Modified:Apr 25 19:30:15 2000
MD5 Checksum:a4690203293f3e292bf0241444c792e8

 ///  File Name: FreeBSD-SA-00:15.imap-uw
Description:
FreeBSD Security Advisory FreeBSD-SA-00:15 - The imap-uw port supplies a "libc-client" library which provides various functionality common to mail servers. The algorithm used for locking of mailbox files contains a weakness which allows an unprivileged local user to lock an arbitrary local mailbox.
Homepage:http://www.freebsd.org
File Size:3373
Last Modified:Apr 25 19:33:17 2000
MD5 Checksum:b16f4783d7a4c96ca780a1e05bd8f879

 ///  File Name: FreeBSD-SA-00:18.gnapster
Description:
FreeBSD Security Advisory SA-00:18 - The gnapster port (version 1.3.8 and earlier), and the knapster port (version 0.9 and earlier) contain a vulnerability which allows remote napster users to view any file on the local system which is accessible to the user running gnapster/knapster.
Homepage:http://www.freebsd.org
File Size:4375
Last Modified:May 18 11:53:32 2000
MD5 Checksum:cad7637000608b796d833b69beb65902

 ///  File Name: FreeBSD-SA-00:19.semconfig
Description:
FreeBSD-SA-00:19 - A bug in the BSD kernel allows local users to cause every process on the system to hang during exiting. An undocumented system call is incorrectly exported from the kernel without access-control checks, allowing for a denial of service attack. Kernel patch included for FreeBSD.
Homepage:http://www.freebsd.org
File Size:12277
Last Modified:May 26 22:52:16 2000
MD5 Checksum:d9f5e31eea5a0101d0a59f17b2845923

 ///  File Name: FreeBSD-SA-00:20.krb5
Description:
FreeBSD-SA-00:20 - The MIT Kerberos 5 port version 1.1.1 and earlier contains remote and local root vulnerabilities. Note that the implementation of Kerberos shipped in the FreeBSD base system is not the MIT version and is not vulnerable to these problems. However, a very old release of FreeBSD dating from 1997 (FreeBSD 2.2.5) did ship with a closely MIT-derived Kerberos implementation ("eBones") and may be vulnerable to attacks of the kind described here.
Homepage:http://www.freebsd.org
File Size:3827
Last Modified:May 26 22:59:12 2000
MD5 Checksum:8bb5db5d646af71dc8e63b725797f28e

 ///  File Name: FreeBSD-SA-00:21.apsfilter
Description:
FreeBSD-SA-00:22 - The apsfilter port, versions 5.4.1 and below, contains a vulnerability which allows local users to execute arbitrary commands as the user running lpd, user root in a default FreeBSD installation.
Homepage:http://www.freebsd.org/security
File Size:3230
Last Modified:Jun 9 02:32:50 2000
MD5 Checksum:e004aaee1d3d95176d6686aad8ce410c

 ///  File Name: FreeBSD-SA-00:22.ssh
Description:
FreeBSD-SA-00:22 - A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly configured the SSH daemon to listen on an additional network port, 722, in addition to the usual port 22. This may cause a violation of security policy if the additional port is not subjected to the same access controls (e.g. firewalling) as the standard SSH port.
Homepage:http://www.freebsd.org/security
File Size:3822
Last Modified:Jun 9 02:35:20 2000
MD5 Checksum:ffa7946618207a5a3f5c3655832577a1

 ///  File Name: FreeBSD-SA-00:23.ip-options
Description:
FreeBSD Security Advisory FreeBSD-SA-00:23 - There are several bugs in the processing of IP options in the FreeBSD IP stack, which fail to correctly bounds-check arguments and contain other coding errors leading to the possibility of data corruption and a kernel panic upon reception of certain invalid IP packets. Patch included.
Homepage:http://www.freebsd.org/security
File Size:5776
Last Modified:Jul 15 23:05:02 2000
MD5 Checksum:8ba6728a06798f7c786281201403b8b0

 ///  File Name: FreeBSD-SA-00:24.libedit
Description:
FreeBSD-SA-00:24 - libedit incorrectly reads an ".editrc" file in the current directory if it exists, in order to specify configurable program behaviour. However it does not check for ownership of the file, so an attacker can cause a libedit application to execute arbitrary key rebindings and exercise terminal capabilities by creating an .editrc file in a directory from which another user executes a libedit binary (e.g. root running ftp(1) from /tmp). This can be used to fool the user into unknowingly executing program commands which may compromise system security. For example, ftp(1) includes the ability to escape to a shell and execute a command, which can be done under libedit control.
Homepage:http://www.freebsd.org/security
File Size:4841
Last Modified:Jul 6 03:19:22 2000
MD5 Checksum:304ce070eaf70205537d8549c27ca3da

 ///  File Name: FreeBSD-SA-00:25.random
Description:
FreeBSD-SA-00:25 - The FreeBSD port to the Alpha platform did not provide the /dev/random or /dev/urandom devices. Some applications fail to correctly check for a working /dev/random and do not exit with an error if it is not available, so this weakness goes undetected. OpenSSL 0.9.4, and utilities based on it, including OpenSSH (both of which are included in the base FreeBSD 4.0 system) are affected in this manner.
Homepage:http://www.freebsd.org/security
File Size:4786
Last Modified:Jun 13 23:08:33 2000
MD5 Checksum:d1e54684337b5c06aa9f9f7b7f2d8322

 ///  File Name: FreeBSD-SA-00:26.popper
Description:
FreeBSD-SA-00:26 - The popper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local user which can cause arbitrary code to be executed on the server when a POP client retrieves the message using the UIDL command. The code is executed as the user who is retrieving mail: thus if root reads email via POP3 this can lead to a root compromise.
Homepage:http://www.freebsd.org/security
File Size:4202
Last Modified:Jul 13 00:51:47 2000
MD5 Checksum:b0261aeb3ace81e12dcc09fd5286ec18

 ///  File Name: FreeBSD-SA-00:27.XFree86-4
Description:
FreeBSD-SA-00:27 - XFree86 4.0 contains a local root vulnerability in the XFree86 server binary, due to incorrect bounds checking of command-line arguments. The server binary is setuid root, in contrast to previous versions which had a small setuid wrapper which performed (among other things) argument sanitizing.
Homepage:http://www.freebsd.org/security
File Size:4405
Last Modified:Jul 6 03:21:40 2000
MD5 Checksum:5150a2fda32981c2badd01d1938b9a78

 ///  File Name: FreeBSD-SA-00:28.majordomo
Description:
FreeBSD-SA-00:28 - Majordomo is not safe to run on multi-user machines.
Homepage:http://www.freebsd.org/security
File Size:2846
Last Modified:Jul 6 04:05:18 2000
MD5 Checksum:e075f027e9794621e1493468252ebcd4

 ///  File Name: FreeBSD-SA-00:29.wu-ftpd
Description:
FreeBSD-SA-00:29 - The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability which allows remote anonymous FTP users to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
Homepage:http://www.freebsd.org/security
File Size:3659
Last Modified:Jul 13 00:50:28 2000
MD5 Checksum:6ae2d585b83ab90f805bebe5987ce7ff

 ///  File Name: FreeBSD-SA-00:30.openssh
Description:
FreeBSD-SA-00:30 - OpenSSH UseLogin directive permits remote root access. OpenSSH has a configuration option, not enabled by default ("UseLogin") which fails to drop privileges when it executes commands, meaning that remote users without root access can execute commands on the local system as root.
Homepage:http://www.freebsd.org/security
File Size:5015
Last Modified:Jul 6 04:11:39 2000
MD5 Checksum:8452c197ec9c671281eb81e67c1992e7

 ///  File Name: FreeBSD-SA-00:31.canna
Description:
FreeBSD-SA-00:31 - The Canna server, which is not installed by default, contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'.
Homepage:http://www.freebsd.org/security
File Size:4098
Last Modified:Jul 13 00:50:50 2000
MD5 Checksum:e85cfbd11cbdc2826ee284b437ef426e

 ///  File Name: FreeBSD-SA-00:32.bitchx
Description:
FreeBSD-SA-00:32 - The bitchx client incorrectly parses string-formatting operators included as part of channel invitation messages sent by remote IRC users. This can cause the local client to crash, and may possibly present the ability to execute arbitrary code as the local user.
Homepage:http://www.freebsd.org/security
File Size:3368
Last Modified:Jul 6 04:13:58 2000
MD5 Checksum:3a1d64945114279fc43666e7041765f4

 ///  File Name: FreeBSD-SA-00:33.kerberosIV
Description:
FreeBSD-SA-00:33 - Vulnerabilities in the MIT Kerberos 5 port were the subject of an earlier FreeBSD Security Advisory (SA-00:20). At the time it was believed that the implementation of Kerberos distributed with FreeBSD was not vulnerable to these problems, but it was later discovered that FreeBSD 3.x contained an older version of KTH Kerberos 4 which is in fact vulnerable to at least some of these vulnerabilities. FreeBSD 4.0-RELEASE and later are unaffected by this problem, although FreeBSD 3.5-RELEASE is vulnerable.
Homepage:http://www.freebsd.org/security
File Size:4943
Last Modified:Jul 13 03:12:13 2000
MD5 Checksum:4ceea563c47ac6c7db6f9ac336a8d181

 ///  File Name: FreeBSD-SA-00:34.dhclient
Description:
FreeBSD Security Advisory FreeBSD-SA-00:34 - ISC-DHCP is an implementation of the DHCP protocol containing client and server. FreeBSD 3.2 and above includes the version 2 client by default in the base system, and the version 2 and version 3 clients and servers in the Ports Collection. The dhclient utility (DHCP client), versions 2.0pl2 and before (for the version 2.x series), and versions 3.0b1pl16 and before (for the version 3.x series), does not correctly validate input from the server, allowing a malicious DHCP server to execute arbitrary commands as root on the client. DHCP may be enabled if your system was initially configured from a DHCP server at install-time, or if you have specifically enabled it after installation. FreeBSD 4.1 is not affected by this problem since it contains the 2.0pl3 client.
Homepage:http://www.freebsd.org/security
File Size:5061
Last Modified:Aug 15 05:22:29 2000
MD5 Checksum:f860bd11876270653acaea47e45d5367

 ///  File Name: FreeBSD-SA-00:35.proftpd
Description:
FreeBSD Security Advisory FreeBSD-SA-00:35 - The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability which allows FTP users, both anonymous FTP users and those with a valid account, to execute arbitrary code as root on the local machine, by inserting string-formatting operators into command input, which are incorrectly parsed by the FTP server.
Homepage:http://www.freebsd.org/security
File Size:4004
Last Modified:Aug 15 05:25:03 2000
MD5 Checksum:1fafc695df1bf3446f681406dc90b01d

 ///  File Name: FreeBSD-SA-00:36.ntop
Description:
FreeBSD Security Advisory FreeBSD-SA-00:36 - The ntop software is written in a very insecure style, with many potentially exploitable buffer overflows (including several demonstrated ones) which could in certain conditions allow the local or remote user to execute arbitrary code on the local system with increased privileges.
Homepage:http://www.freebsd.org/security
File Size:6624
Last Modified:Aug 15 05:26:42 2000
MD5 Checksum:48d403c9f5188212026ee6f08d289224