Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:54:22 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1377187300&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Operating%20System%3A%20FreeBSD%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Fos%2Ffreebsd%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1377187300.1338191662.1338191662.1338191662.1%3B%2B__utmz%3D32867617.1338191662.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/112473/sa49077.txt http://packetstormsecurity.org/files/112473/sa49077.txt http://packetstormsecurity.org/files/112473/Secunia-Security-Advisory-49077.html Sat, 05 May 2012 05:25:48 GMT Secunia Security Advisory - FreeBSD has issued an update for OpenSSL. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise an application using the library. http://packetstormsecurity.org/files/112452/FreeBSD-SA-12-01.openssl.txt http://packetstormsecurity.org/files/112452/FreeBSD-SA-12-01.openssl.txt http://packetstormsecurity.org/files/112452/FreeBSD-Security-Advisory-OpenSSL.html Thu, 03 May 2012 23:13:24 GMT FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed. http://packetstormsecurity.org/files/112447/strongswan-4.6.3.tar.gz http://packetstormsecurity.org/files/112447/strongswan-4.6.3.tar.gz http://packetstormsecurity.org/files/112447/strongSwan-IPsec-Implementation-4.6.3.html Thu, 03 May 2012 22:54:20 GMT strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms. http://packetstormsecurity.org/files/110050/strongswan-4.6.2.tar.gz http://packetstormsecurity.org/files/110050/strongswan-4.6.2.tar.gz http://packetstormsecurity.org/files/110050/strongSwan-IPsec-Implementation-4.6.2.html Wed, 22 Feb 2012 02:58:02 GMT strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms. http://packetstormsecurity.org/files/108694/freebsdtelnetd.py.txt http://packetstormsecurity.org/files/108694/freebsdtelnetd.py.txt http://packetstormsecurity.org/files/108694/FreeBSD-telnetd-Remote-Root.html Mon, 16 Jan 2012 02:31:38 GMT This python script tests for the remote root vulnerability in encryption support for telnetd on FreeBSD systems. http://packetstormsecurity.org/files/108539/telnet_encrypt_keyid_bruteforce.rb.txt http://packetstormsecurity.org/files/108539/telnet_encrypt_keyid_bruteforce.rb.txt http://packetstormsecurity.org/files/108539/FreeBSD-based-telnetd-encrypt_key_id-brute-force.html Wed, 11 Jan 2012 06:39:29 GMT This Metasploit module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service. http://packetstormsecurity.org/files/108205/FreeBSD-SA-11-10.pam.txt http://packetstormsecurity.org/files/108205/FreeBSD-SA-11-10.pam.txt http://packetstormsecurity.org/files/108205/FreeBSD-Security-Advisory-pam_start-Improper-Validation.html Wed, 28 Dec 2011 17:34:15 GMT FreeBSD Security Advisory - Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules. If an application that runs with root privileges allows the user to specify the name of the PAM policy to load, users who are permitted to run that application will be able to execute arbitrary code with root privileges. http://packetstormsecurity.org/files/108204/FreeBSD-SA-11-09.pam_ssh.txt http://packetstormsecurity.org/files/108204/FreeBSD-SA-11-09.pam_ssh.txt http://packetstormsecurity.org/files/108204/FreeBSD-Security-Advisory-pam_ssh-Improper-Access-Grant.html Wed, 28 Dec 2011 17:31:41 GMT FreeBSD Security Advisory - The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase. If the pam_ssh module is enabled, attackers may be able to gain access to user accounts which have unencrypted SSH private keys. http://packetstormsecurity.org/files/108198/freebsd-telnet-telnet_encrypt_keyid.rb.txt http://packetstormsecurity.org/files/108198/freebsd-telnet-telnet_encrypt_keyid.rb.txt http://packetstormsecurity.org/files/108198/FreeBSD-Telnet-Service-Encyption-Key-ID-Buffer-Overflow.html Wed, 28 Dec 2011 17:19:29 GMT This Metasploit module exploits a buffer overflow in the encryption option handler of the FreeBSD telnet service. http://packetstormsecurity.org/files/108203/FreeBSD-SA-11-08.telnetd.txt http://packetstormsecurity.org/files/108203/FreeBSD-SA-11-08.telnetd.txt http://packetstormsecurity.org/files/108203/FreeBSD-Security-Advisory-telnetd-Code-Execution.html Tue, 27 Dec 2011 19:22:22 GMT FreeBSD Security Advisory - When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. An attacker who can connect to the telnetd daemon can execute arbitrary code with the privileges of the daemon (which is usually the "root" superuser). http://packetstormsecurity.org/files/108202/FreeBSD-SA-11-07.chroot.txt http://packetstormsecurity.org/files/108202/FreeBSD-SA-11-07.chroot.txt http://packetstormsecurity.org/files/108202/FreeBSD-Security-Advisory-Chrooted-ftpd-Code-Execution.html Tue, 27 Dec 2011 18:35:55 GMT FreeBSD Security Advisory - The nsdispatch API has no mechanism to alert it to whether it is operating within a chroot environment in which the standard paths for configuration files and shared libraries may be untrustworthy. The FreeBSD ftpd daemon can be configured to use chroot, and also uses the nsdispatch API. http://packetstormsecurity.org/files/108201/FreeBSD-SA-11-06.bind.txt http://packetstormsecurity.org/files/108201/FreeBSD-SA-11-06.bind.txt http://packetstormsecurity.org/files/108201/FreeBSD-Security-Advisory-named-Denial-Of-Service.html Tue, 27 Dec 2011 18:22:22 GMT FreeBSD Security Advisory - A remote attacker could cause the BIND resolver to cache an invalid record, which could cause the BIND daemon to crash when that record is being queried. http://packetstormsecurity.org/files/108176/sa47395.txt http://packetstormsecurity.org/files/108176/sa47395.txt http://packetstormsecurity.org/files/108176/Secunia-Security-Advisory-47395.html Mon, 26 Dec 2011 04:47:41 GMT Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/108173/sa47401.txt http://packetstormsecurity.org/files/108173/sa47401.txt http://packetstormsecurity.org/files/108173/Secunia-Security-Advisory-47401.html Mon, 26 Dec 2011 04:47:32 GMT Secunia Security Advisory - A security issue has been reported in FreeBSD, which can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/108169/sa47397.txt http://packetstormsecurity.org/files/108169/sa47397.txt http://packetstormsecurity.org/files/108169/Secunia-Security-Advisory-47397.html Mon, 26 Dec 2011 04:47:20 GMT Secunia Security Advisory - FreeBSD has acknowledged a vulnerability in telnetd, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/107547/sa47022.txt http://packetstormsecurity.org/files/107547/sa47022.txt http://packetstormsecurity.org/files/107547/Secunia-Security-Advisory-47022.html Tue, 06 Dec 2011 03:25:40 GMT Secunia Security Advisory - Kingcope has discovered a vulnerability in FreeBSD, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/107410/7350roaringbeastv3.tar http://packetstormsecurity.org/files/107410/7350roaringbeastv3.tar http://packetstormsecurity.org/files/107410/ProFTPd-FreeBSD-ftpd-Remote-Root.html Wed, 30 Nov 2011 23:29:51 GMT Remote root exploit for FreeBSD ftpd and ProFTPd on FreeBSD. It leverages the fact that /etc and /lib can be modified inside of the chroot. http://packetstormsecurity.org/files/107020/libdvdcss-1.2.11.tar.gz http://packetstormsecurity.org/files/107020/libdvdcss-1.2.11.tar.gz http://packetstormsecurity.org/files/107020/libdvdcss-1.2.11.html Wed, 16 Nov 2011 03:57:26 GMT libdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked. http://packetstormsecurity.org/files/106894/strongswan-4.6.1.tar.gz http://packetstormsecurity.org/files/106894/strongswan-4.6.1.tar.gz http://packetstormsecurity.org/files/106894/strongSwan-IPsec-Implementation-4.6.1.html Sat, 12 Nov 2011 01:11:00 GMT strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms. http://packetstormsecurity.org/files/106801/sa46804.txt http://packetstormsecurity.org/files/106801/sa46804.txt http://packetstormsecurity.org/files/106801/Secunia-Security-Advisory-46804.html Wed, 09 Nov 2011 03:05:34 GMT Secunia Security Advisory - A security issue has been discovered in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges. http://packetstormsecurity.org/files/106715/strongswan-4.6.0.tar.gz http://packetstormsecurity.org/files/106715/strongswan-4.6.0.tar.gz http://packetstormsecurity.org/files/106715/strongSwan-IPsec-Implementation-4.6.0.html Tue, 08 Nov 2011 01:42:35 GMT strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms. http://packetstormsecurity.org/files/106151/dsa-2325-1.txt http://packetstormsecurity.org/files/106151/dsa-2325-1.txt http://packetstormsecurity.org/files/106151/Debian-Security-Advisory-2325-1.html Mon, 24 Oct 2011 15:38:23 GMT Debian Linux Security Advisory 2325-1 - Buffer overflow in the "linux emulation" support in FreeBSD kernel allows local users to cause a denial of service (panic) and possibly execute arbitrary code by calling the bind system call with a long path for a UNIX-domain socket, which is not properly handled when the address is used by other unspecified system calls. http://packetstormsecurity.org/files/105913/MDVSA-2011-153.txt http://packetstormsecurity.org/files/105913/MDVSA-2011-153.txt http://packetstormsecurity.org/files/105913/Mandriva-Linux-Security-Advisory-2011-153.html Mon, 17 Oct 2011 21:38:36 GMT Mandriva Linux Security Advisory 2011-153 - The LZW decompressor in the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2896. The updated packages have been patched to correct this issue. http://packetstormsecurity.org/files/105473/fbsd-uipcsock-heap.sh.txt http://packetstormsecurity.org/files/105473/fbsd-uipcsock-heap.sh.txt http://packetstormsecurity.org/files/105473/FreeBSD-UIPC-Socket-Heap-Overflow.html Fri, 30 Sep 2011 15:21:05 GMT FreeBSD UIPC socket heap overflow proof of concept exploit that causes a kernel panic. Tested on FreeBSD 8.2-RELEASE. http://packetstormsecurity.org/files/105407/sa46201.txt http://packetstormsecurity.org/files/105407/sa46201.txt http://packetstormsecurity.org/files/105407/Secunia-Security-Advisory-46201.html Thu, 29 Sep 2011 08:22:50 GMT Secunia Security Advisory - FreeBSD has issued an update for compress. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.