Category Archives: FreeBSD Security Advisories

FreeBSD 7.x & 8.x Root Exploit Patched!

Posted on December 4, 2009 by Gerard

A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher discovered. The flaw is present in FreeBSD 8.0 and is known to affect versions 7.1 … Continue reading →

Posted in FreeBSD Security Advisories | Leave a comment

FreeBSD FIFO resource leak

Posted on November 10, 2009 by Gerard

Researches Chitti Nimmagadda and Dorr H. Clark of Santa Clara University seem to have discovered and reported a bug in usr/src/sys/fs/fifofs/fifo_vnops.c of FreeBSD 8.0-STABLE release as reported on the FreeBSD bugs mailinglist. We believe we have identified a significant resource … Continue reading →

FreeBSD Security Advisories (devfs, pipe, null)

Posted on October 5, 2009 by Gerard

The FreeBSD Security Team has issued the following security warnings: FreeBSD-SA-09:14.devfs – Devfs / VFS NULL pointer race condition FreeBSD-SA-09:13.pipe – kqueue pipe race conditions FreeBSD-EN-09:05.null – No zero mapping feature For background info, problem description, impact, workaround and solutions, … Continue reading →

Posted in FreeBSD Security Advisories | Leave a comment

FreeBSD Security Advisory (bind)

Posted on July 30, 2009 by Gerard

The FreeBSD Security Team has issued the following security warning: FreeBSD-SA-09:12.bind – BIND named(8) dynamic update message remote DoS For background info, problem description, impact, workaround and solution, have a look at the advisory page: bind

Posted in FreeBSD Security Advisories | Leave a comment

FreeBSD Security Advisories (ntp, ipv6, pipe)

Posted on June 15, 2009 by Gerard

The FreeBSD Security Team has issued the following security warnings: FreeBSD-SA-09:11.ntpd - ntpd stack-based buffer-overflow vulnerability FreeBSD-SA-09:10.ipv6 – Missing permission check on SIOCSIFINFO_IN6 ioctl FreeBSD-SA-09:09.pipe – Local information disclosure via direct pipe writes For background info, problem description, impact, workaround and solutions, … Continue reading →

Posted in FreeBSD Security Advisories | Leave a comment

FreeBSD Security Advisories (openssl, libc)

Posted on April 23, 2009 by Gerard

The FreeBSD Security Team has issued the following security warnings: FreeBSD-SA-09:08.openssl - Remotely exploitable crash in OpenSSL FreeBSD-SA-09:07.libc - Information leak in db(3) For background info, problem description, impact, workaround and solution, have a look at the individual advisory pages: openssl | libc

Posted in FreeBSD Security Advisories | Leave a comment

FreeBSD Security Advisory (ktimer)

Posted on March 24, 2009 by Gerard

The FreeBSD Security Team has issued the following security warning: FreeBSD-SA-09:06.ktimer – Local privilege escalation I. Background In FreeBSD 7.0, support was introduced for per-process timers as defined in the POSIX realtime extensions. This allows a process to have a … Continue reading →

Posted in FreeBSD Security Advisories | Leave a comment

FreeBSD Security Advisory (telnetd)

Posted on February 21, 2009 by Gerard

The FreeBSD Security Team has issued the following security warning: FreeBSD-SA-09:05.telnetd – telnetd code execution vulnerability I Background The FreeBSD telnet daemon, telnetd(8), implements the server side of the TELNET virtual terminal protocol. It has been disabled by default in FreeBSD since … Continue reading →

Posted in FreeBSD Security Advisories | Leave a comment