FreeBSD kernel
** FreeBSD local r00t 0day
Discovered & Exploited by Nikolaos Rangos also known as Kingcope.
Nov 2009 "BiG TiME"
"Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg
There is an unbelievably simple local r00t bug in recent FreeBSD versions.
I audited FreeBSD for local r00t bugs a long time *sigh*. Now it pays out.
The bug resides in the Run-Time Link-Editor (rtld).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-10:01.bind Security Advisory
The FreeBSD Project
Topic: BIND named(8) cache poisoning with DNSSEC validation
Category: contrib
Census ID: census-2010-0001
URL: http://census-labs.com/news/2010/05/26/freebsd-kernel-nfsclient/
CVE ID: CVE-2010-2020
Affected Products: FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE
Class: Improper Input Validation (CWE-20)
Remote: No
Discovered by: Patroklos Argyroudis
We have discovered two improper input validation vulnerabilities in the
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:13.protosw Security Advisory
The FreeBSD Project
Topic: netgraph / bluetooth privilege escalation
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:01.pty Security Advisory
The FreeBSD Project
Topic: pty snooping
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-11:05.unix Security Advisory
The FreeBSD Project
Topic: Buffer overflow in handling of UNIX socket addresses
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-10:06.nfsclient Security Advisory
The FreeBSD Project
Topic: Unvalidated input in nfsclient
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:05.telnetd Security Advisory
The FreeBSD Project
Topic: telnetd code execution vulnerability
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08.11.arc4random Security Advisory
The FreeBSD Project
Topic: arc4random(9) predictable sequence vulnerability
Category: core
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Coda Filesystem Kernel Memory Disclosure
Release Date: 2010-08-16
Application: Coda kernel module for NetBSD and FreeBSD
Versions: All known versions
Severity: Medium
Author: Dan Rosenberg < drosenberg (at) vsecurity (dot) com >
Vendor Status: Patch Released [2][3]
CVE Candidate: CVE-2010-3014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:08.openssl Security Advisory
The FreeBSD Project
Topic: Remotely exploitable crash in OpenSSL
Category: contrib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:17.freebsd-update Security Advisory
The FreeBSD Project
Topic: Inappropriate directory permissions in freebsd-update(8)
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-10:10.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:10.ipv6 Security Advisory
The FreeBSD Project
Topic: Missing permission check on SIOCSIFINFO_IN6 ioctl
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:09.pipe Security Advisory
The FreeBSD Project
Topic: Local information disclosure via direct pipe writes
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:11.ntpd Security Advisory
The FreeBSD Project
Topic: ntpd stack-based buffer-overflow vulnerability
Category: contrib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-11:08.telnetd Security Advisory
The FreeBSD Project
Topic: telnetd code execution vulnerability
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:12.ftpd Security Advisory
The FreeBSD Project
Topic: Cross-site request forgery in ftpd(8)
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:02.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL incorrectly checks for malformed signatures
Category: contrib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:01.lukemftpd Security Advisory
The FreeBSD Project
Topic: Cross-site request forgery in lukemftpd(8)
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-11:07.chroot Security Advisory
The FreeBSD Project
Topic: Code execution via chrooted ftpd
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:16.rtld Security Advisory
The FreeBSD Project
Topic: Improper environment sanitization in rtld(1)
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:03.sendfile Security Advisory
The FreeBSD Project
Topic: sendfile(2) write-only file permission bypass
Category: core
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-11:06.bind Security Advisory
The FreeBSD Project
Topic: Remote packet Denial of Service against named(8) servers
Category: contrib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:06.bind Security Advisory
The FreeBSD Project
Topic: DNS cache poisoning
Category: contrib
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:04.bind Security Advisory
The FreeBSD Project
Topic: BIND DNSSEC incorrect checks for malformed signatures
Category: contrib
# LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD
# bug discovered & exploited by Kingcope
#
# Dec 2010
# Lame Xploit Tested with success on
# FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86
# FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86
# FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.15 Standard x86
# can be used against the admin interface (port 7080), too
# Xploit only works on default lsphp binary not the compiled version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-10:09.pseudofs Security Advisory
The FreeBSD Project
Topic: Spurious mutex unlock
Category: core
and NetBSD.
It seems that OpenBSD does not plan to address the DNS resolver
transaction ID predictability though.
FreeBSD
=======
As expected, FreeBSD 7.0 was announced recently without a fix. This
was communicated beforehand by the FreeBSD team and stated in the
original paper.