All Hot News World. Public world blog, journal online reviewed.

BSD Operating System, PacketStorm Security

RSS feed: BSD Operating System, PacketStorm Security
Wed, 22 May 2019 00:51:22 GMT
Operating System: BSD ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers [ + ]
Wed, 15 May 2019 15:47:43 GMT
FreeBSD rtld execl() Privilege Escalation
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution. [ + ]
Wed, 15 May 2019 15:30:08 GMT
FreeBSD Security Advisory - FreeBSD-SA-19:07.mds
FreeBSD Security Advisory - On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser). [ + ]
Thu, 07 Mar 2019 02:01:26 GMT
FreeBSD Security Advisory - FreeBSD-SA-19:03.wpa
FreeBSD Security Advisory - Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations. [ + ]
Thu, 06 Dec 2018 02:19:30 GMT
FreeBSD Intel SYSRET Privilege Escalation
This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution. [ + ]
Wed, 28 Nov 2018 18:04:28 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve
FreeBSD Security Advisory - Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) processing possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. [ + ]
Thu, 13 Sep 2018 05:17:21 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server. [ + ]
Wed, 15 Aug 2018 17:14:43 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:12.elf
FreeBSD Security Advisory - Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be. Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory. [ + ]
Wed, 15 Aug 2018 17:13:00 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
FreeBSD Security Advisory - A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not necessary that the attacker be able to establish two-way communication to carry out these attacks. These attacks impact both IPv4 and IPv6 fragment reassembly. In the worst case, an attacker could send a stream of crafted fragments with a low packet rate which would consume a substantial amount of CPU. Other attack vectors allow an attacker to send a stream of crafted fragments which could consume a large amount of CPU or all available mbuf clusters on the system. These attacks could temporarily render a system unreachable through network interfaces or temporarily render a system unresponsive. The effects of the attack should clear within 60 seconds after the attack stops. [ + ]
Wed, 15 Aug 2018 17:09:03 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:11.hostapd
FreeBSD Security Advisory - When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the dta field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but decrypted data was subsequently processed. This opened wpa_supplicant(8) to abuse by decryption and recovery of sensitive information contained in EAPOL-Key messages. All users of the WPA2 TKIP pairwise cipher are vulnerable to information, for example, the group key. [ + ]
Tue, 07 Aug 2018 22:00:00 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:09.l1tf
FreeBSD Security Advisory - On certain Intel 64-bit x86 systems there is a period of time during terminal fault handling where the CPU may use speculative execution to try to load data. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine. [ + ]
Thu, 21 Jun 2018 16:22:04 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:08.tcp
FreeBSD Security Advisory - One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. [ + ]
Fri, 11 May 2018 08:15:55 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:07.lazyfpu
FreeBSD Security Advisory - A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present. [ + ]
Tue, 08 May 2018 20:33:55 GMT
rldns 1.2
rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures. [ + ]
Wed, 14 Mar 2018 14:01:12 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:06.debugreg
FreeBSD Security Advisory - The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system. [ + ]
Tue, 09 Jan 2018 15:55:55 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:03.speculative_execution
FreeBSD Security Advisory - A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here. [ + ]
Thu, 28 Dec 2017 23:50:04 GMT
FreeBSD Update On Spectre / Meltdown Patching
This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed. [ + ]
Tue, 12 Dec 2017 05:27:14 GMT
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3. [ + ]
Thu, 19 Oct 2017 14:28:55 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:12.openssl
FreeBSD Security Advisory - Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. Various other issues were addressed. [ + ]
Wed, 16 Aug 2017 16:01:49 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
FreeBSD Security Advisory - A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used. [ + ]
Thu, 29 Jun 2017 19:32:22 GMT
FreeBSD 10.3 Jail SHM Issue
FreeBSD jail incompletely protects the access to the IPC primitives. The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC objects unprotected, making them reachable system-wide independently of the system configuration. Versions 7.0 through 10.3 are affected. Proof of concept included. [ + ]
Thu, 29 Jun 2017 18:32:22 GMT
FreeBSD setrlimit Stack Clash Proof Of Concept
FreeBSD setrlimit stack clash proof of concept exploit. [ + ]
Thu, 29 Jun 2017 17:32:32 GMT
FreeBSD FGPE Stack Clash Proof Of Concept
FreeBSD FGPE stack clash proof of concept exploit. [ + ]
Wed, 12 Apr 2017 16:09:44 GMT
FreeBSD FGPU Stack Clash Proof Of Concept
FreeBSD FGPU stack clash proof of concept exploit. [ + ]
Thu, 23 Mar 2017 08:22:22 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:03.ntp
FreeBSD Security Advisory - A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, affecting the origin timestamp check function. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. A malicious device could send crafted messages, causing ntpd to crash. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service. [ + ]

rldns 1.1
rldns is an open source lightweight DNS server for linux, netbsd, freebsd, and openbsd. Runs on x86 and x86_64 architectures. [ + ]
PacketStorm Security

2013 Copyright © Mobile version 2015 | PeterLife & company World news today. Popular science publications online. The best manufacturers in the world. Products for industrial purposes. News of science and technology. Encyclopedic articles. Photos and videos. Science History. Promotion of manufacturers sites. Industrial goods. Display of goods stores online. | Terms of use Link at is mandatory if site materials are using fully or particulary. | Skimlinks helps publishers monetize editorial content through automated affiliate links for products. News: Affiliate programm. | Script Nevius. | Site Public Relations 1PS. | Hosting: Valuehost.