Users login

Create an account »


Users login

Home » Security Advisories » FreeBSD

FreeBSD Security Advisories

Here you'll find the latest security advisories from FreeBSD. Our database currently contains 309 FreeBSD security advisories.
Page: 123456 out of 13

syscons insufficient validation of input arguments | SA-04:15.syscons | October 04, 2004
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an

CVS multiple vulnerabilities | SA-04:14.cvs.asc | September 19, 2004
A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price. The vulnerabilities are: insufficient input validation, double-free resulting, integer overflow,

Linux binary compatibility mode input validation error | SA-04:13 | June 30, 2004
A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation.

Twe driver hangs on heavily loaded systems | EN-04:01 | June 28, 2004
On 6xxx series controllers the driver may try to repeatedly submit the same request if the cmd queue gets full, which may happen under extremely high I/O rates.

Jailed processes can manipulate host routing tables | SA-04:12 | June 07, 2004
The FreeBSD kernel maintains internal routing tables for the purpose of determining which interface should be used to transmit packets. These routing tables can be manipulated by user processes runnin

Msync buffer cache invalidation implementation issues | SA-04:11 | May 26, 2004
Programming errors in the implementation of the msync(2) system call involving the MS_INVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents.

CVS pserver protocol parser errors | SA-04:10 | May 19, 2004
Due to a programming error in code used to parse data received from the client, malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's

heimdal kadmind remote heap buffer overflow | SA-04:09 | May 05, 2004
An input validation error was discovered in the k5admind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was

heimdal cross-realm trust vulnerability | SA-04:08 | May 05, 2004
Some versions of Heimdal do not perform appropriate checking of the `transited' field.

CVS path validation errors | SA-04:07 | April 15, 2004
Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which fi

setsockopt(2) IPv6 sockets input validation error | SA-04:06 | March 29, 2004
A programming error in the handling of some IPv6 socket options within the setsockopt(2) system call may result in memory locations being accessed without proper validation. While the problem originat

Denial-of-service vulnerability in OpenSSL | SA-04:05 | March 17, 2004
When processing an SSL/TLS ChangeCipherSpec message, OpenSSL may fail to check that a new cipher has been previously negotiated. This may result in a null pointer dereference.

many out-of-sequence TCP packets denial-of-service | SA-04:04 | March 02, 2004
FreeBSD does not limit the number of TCP segments that may be held in a reassembly queue.

Jailed processes can attach to other jails | SA-04:03 | February 25, 2004
A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the

shmat reference counting bug | SA-04:02 | February 05, 2004
A programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented.

mksnap_ffs clears file system options | SA-04:01 | January 30, 2004
The kernel interface for creating a snapshot of a filesystem is the same as that for changing the flags on that filesystem. Due to an oversight, the mksnap_ffs(8) command called that interface with o

bind8 negative cache poison attack | SA-03:19 | November 28, 2003
A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response.

OpenSSL vulnerabilities in ASN.1 parsing | SA-03:15 | October 03, 2003
Several vulnerabilities have been found in the OpenSSH PAM challenge/authentication. It is possible that an attacker may succeed in executing arbitrary code.

kernel memory disclosure via procfs | SA-03:17 | October 03, 2003
The procfs and linprocfs implementations use uiomove(9) and the related `struct uio' in order to fulfill read and write requests. Several cases were identified where members of `struct uio' were not

OpenSSH PAM challenge/authentication error | SA-03:15 | October 03, 2003
Several vulnerabilities have been found in the OpenSSH PAM challenge/authentication. It is possible that an attacker may succeed in executing arbitrary code.

file descriptor leak in readv | SA-03:16 | October 03, 2003
A programming error in the readv system call can result in the given file descriptor's reference count being erroneously incremented.

denial of service due to ARP resource starvation | SA-03:14 | September 25, 2003
Under certain circumstances, it is possible for an attacker to flood a FreeBSD system with spoofed ARP requests, causing resource starvation which eventually results in a system panic.

sendmail header parsing buffer overflow | SA-03:13 | September 17, 2003
A buffer overflow that may occur during header parsing was identified.

OpenSSH buffer management error | SA-03:12 | September 16, 2003
Several operations within OpenSSH require dynamic memory allocation or reallocation. Many of these operations can fail either due to `out of memory' or due to explicit checks for ridiculously sized re

sendmail DNS map problem | SA-03:11 | August 26, 2003
Some versions of sendmail (8.12.0 through 8.12.8) contain a programming error in the code that implements DNS maps. A malformed DNS reply packet may cause sendmail to call `free()' on an uninitialize

Page: 123456 out of 13

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »