FreeBSD Security Advisories

Here you'll find the latest security advisories from FreeBSD. Our database currently contains 309 FreeBSD security advisories.

Zlib buffer overflow | SA-05:18.zlib | July 27, 2005
A fixed-size buffer is used in the decompression of data streams. Due to erroneous analysis performed when zlib was written, this buffer, which was believed to be sufficiently large to handle any possi

Devfs ruleset bypass | SA-05:17.devfs | July 20, 2005
Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in

Zlib buffer overflow | SA-05:16.zlib | July 06, 2005
By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt, causing a denial of service; or i

TCP connection stall denial of service | SA-05:15.tcp | June 29, 2005
Two problems have been discovered in the FreeBSD TCP stack. First, when a TCP packet containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to

bzip2 denial of service and permission race vulnerabilities | SA-05:14.bzip2 | June 29, 2005
Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when

Ipfw packet matching errors with address tables | SA-05:13.ipfw | June 29, 2005
The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several concurrent table lookups. Due to insufficient locking, a ca

Bind9 DNSSEC remote denial of service | SA-05:12.bind9 | June 09, 2005
On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the

Gzip directory traversal and permission race vulnerabilities | SA-05:11.gzip | June 09, 2005
The first problem can allow an attacker to overwrite arbitrary local files when uncompressing a file using the -N command line option. The second problem can allow a local attacker to change the perm

Tcpdump denial of service | SA-05:10.tcpdump | June 09, 2005
An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump would no longer capture traffic, and w

REVISED: Info disclosure when using Hyper Threading | SA-05:09.htt | May 13, 2005
When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.

Information disclosure when using Hyper-Threading | SA-05:09.htt | May 13, 2005
Information may be disclosed to local users, allowing in many cases for privilege escalation.

Kernel memory disclosure REVISED | SA-05:08.kmem | May 09, 2005
The previous contents of part of the fixed-length buffers will be disclosed to applications. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers.

Incorrect permissions on /dev/iir REVISED | SA-05:06.iir | May 07, 2005
Updated credits to include Andre Guibert de Bruet, who was inadvertently omitted from the original advisory.

sys kernel memory disclosure | SA-05:08.kmem | May 06, 2005
The previous contents of part of the fixed-length buffers will be disclosed to applications. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers.

sys_i386 kernel memory disclosure | SA-05:07.ldt | May 06, 2005
The i386_get_ldt(2) syscall performs insufficient validation of its input arguments. In particular, negative or very large values may allow inappropriate data to be copied from the kernel.

sys_dev incorrect permissions on /dev/iir | SA-05:06.iir | May 06, 2005
Unprivileged local users can send commands to the hardware supported by the iir driver, allowing destruction of data and possible disclosure of data.

CVS multiple vulnerabilities | SA-05:05.cvs | April 22, 2005
Multiple programming errors were found in CVS. In one case, variable length strings are copied into a fixed length buffer without adequate checks being made; other errors include NULL pointer derefere

Kernel memory disclosure in ifconf() | SA-05:04 | April 15, 2005
In generating the list of network interfaces, the kernel writes into a portion of a buffer without first zeroing it. As a result, the prior contents of the buffer will be disclosed to the calling pr

Unprivileged hardware access on amd64 | SA-05:03 | April 05, 2005
Unprivileged users on amd64 systems can gain direct access to some hardware, allowing for denial of service, disclosure of sensitive information, or possible privilege escalation.

Sendfile kernel memory disclosure | SA-05:02 | April 04, 2005
If the file being transmitted is truncated after the transfer has started but before it completes, sendfile will transfer the contents of more or less random portions of kernel memory in lieu of the

Telnet buffer overflows | SA-05:01.telnet | March 28, 2005
These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences ma

Kernel IPI panic under heavy load on SMP machines | EN-05:03.ipi | January 16, 2005
Under FreeBSD 5.3-RELEASE prior to the correction date, when there are more than two pending IPI vectors per local APIC it is possible to cause deadlocks. The deadlock will then result in a kernel pan

SMP panic under heavy load | EN-05:03.ipi | January 16, 2005
Under FreeBSD 5.3-RELEASE prior to the correction date, when there are more than two pending IPI vectors per local APIC it is possible to cause deadlocks. The deadlock will then result in a kernel pan

Kernel memory disclosure in procfs and linprocfs | SA-04:17.procfs | December 01, 2004
The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x

Overflow error in fetch | SA-04:16.fetch | November 18, 2004
An integer overflow condition in the processing of HTTP headers can result in a buffer overflow.
