BSD Operating System, PacketStorm Security

RSS feed: BSD Operating System, PacketStorm Security
Thu, 06 Dec 2018 02:19:30 GMT
Operating System: BSD ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Wed, 28 Nov 2018 18:04:28 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve
FreeBSD Security Advisory - Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) process, possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.
Thu, 13 Sep 2018 05:17:21 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs
FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.
Wed, 15 Aug 2018 17:14:43 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:12.elf
FreeBSD Security Advisory - Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be. Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory.
Wed, 15 Aug 2018 17:13:00 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:10.ip
FreeBSD Security Advisory - A researcher has notified us of a DoS attack applicable to another operating system. While FreeBSD may not be vulnerable to that exact attack, we have identified several places where inadequate DoS protection could allow an attacker to consume system resources. It is not necessary that the attacker be able to establish two-way communication to carry out these attacks. These attacks impact both IPv4 and IPv6 fragment reassembly. In the worst case, an attacker could send a stream of crafted fragments with a low packet rate which would consume a substantial amount of CPU. Other attack vectors allow an attacker to send a stream of crafted fragments which could consume a large amount of CPU or all available mbuf clusters on the system. These attacks could temporarily render a system unreachable through network interfaces or temporarily render a system unresponsive. The effects of the attack should clear within 60 seconds after the attack stops.
Wed, 15 Aug 2018 17:09:03 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:11.hostapd
FreeBSD Security Advisory - When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC flag set, the data field was decrypted first without verifying the MIC. When the data field was encrypted using RC4, for example, when negotiating TKIP as a pairwise cipher, the unauthenticated but decrypted data was subsequently processed. This opened wpa_supplicant(8) to abuse by decryption and recovery of sensitive information contained in EAPOL-Key messages. All users of the WPA2 TKIP pairwise cipher are vulnerable to information, for example, the group key.
Tue, 07 Aug 2018 22:00:00 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:09.l1tf
FreeBSD Security Advisory - On certain Intel 64-bit x86 systems there is a period of time during terminal fault handling where the CPU may use speculative execution to try to load data. The CPU may speculatively access the level 1 data cache (L1D). Data which would otherwise be protected may then be determined by using side channel methods. This issue affects bhyve on FreeBSD/amd64 systems. An attacker executing user code, or kernel code inside of a virtual machine, may be able to read secret data from the kernel or from another virtual machine.
Thu, 21 Jun 2018 16:22:04 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:08.tcp
FreeBSD Security Advisory - One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.
Fri, 11 May 2018 08:15:55 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:07.lazyfpu
FreeBSD Security Advisory - A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used. Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.
Tue, 08 May 2018 20:33:55 GMT
rldns 1.2
rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. Runs on x86 and x86_64 architectures.
Wed, 14 Mar 2018 14:01:12 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:06.debugreg
FreeBSD Security Advisory - The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system.
Tue, 09 Jan 2018 15:55:55 GMT
FreeBSD Security Advisory - FreeBSD-SA-18:03.speculative_execution
FreeBSD Security Advisory - A number of issues relating to speculative execution were found last year and publicly announced January 3rd. Two of these, known as Meltdown and Spectre V2, are addressed here.
Thu, 28 Dec 2017 23:50:04 GMT
FreeBSD Update On Spectre / Meltdown Patching
This is a note from the FreeBSD team that they were notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since they received relatively late notice of the issue, their ability to provide fixes is delayed.
Tue, 12 Dec 2017 05:27:14 GMT
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.
Thu, 19 Oct 2017 14:28:55 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:12.openssl
FreeBSD Security Advisory - Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. Various other issues were addressed.
Wed, 16 Aug 2017 16:01:49 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
FreeBSD Security Advisory - A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.
Thu, 29 Jun 2017 19:32:22 GMT
FreeBSD 10.3 Jail SHM Issue
FreeBSD jail incompletely protects the access to the IPC primitives. The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC objects unprotected, making them reachable system-wide independently of the system configuration. Versions 7.0 through 10.3 are affected. Proof of concept included.
Thu, 29 Jun 2017 18:32:22 GMT
FreeBSD setrlimit Stack Clash Proof Of Concept
FreeBSD setrlimit stack clash proof of concept exploit.
Thu, 29 Jun 2017 17:32:32 GMT
FreeBSD FGPE Stack Clash Proof Of Concept
FreeBSD FGPE stack clash proof of concept exploit.
Wed, 12 Apr 2017 16:09:44 GMT
FreeBSD FGPU Stack Clash Proof Of Concept
FreeBSD FGPU stack clash proof of concept exploit.
Thu, 23 Mar 2017 08:22:22 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:03.ntp
FreeBSD Security Advisory - A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, affecting the origin timestamp check function. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. A malicious device could send crafted messages, causing ntpd to crash. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service.
Mon, 13 Mar 2017 03:02:22 GMT
rldns 1.1
rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. Runs on x86 and x86_64 architectures.
Thu, 23 Feb 2017 17:14:20 GMT
rldns 1.0
rldns is an open source lightweight DNS server for Linux, NetBSD, FreeBSD, and OpenBSD. Runs on x86 and x86_64 architectures.
Wed, 11 Jan 2017 18:55:55 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:02.openssl
FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.
Wed, 21 Dec 2016 23:44:44 GMT
FreeBSD Security Advisory - FreeBSD-SA-17:01.openssh
FreeBSD Security Advisory - The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across a forwarded agent-socket. When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. A remote attacker who has control of a forwarded agent-socket on a remote system and has the ability to write files on the system running ssh-agent(1) agent can run arbitrary code under the same user credential. Because the attacker must already have some control on both systems, it is relatively hard to exploit this vulnerability in a practical attack. When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server.

FreeBSD Security Advisory - FreeBSD-SA-16.39.ntp
FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in the NTP suite.