FreeBSD, NetBSD Security Vulnerabilities

cert

Dnsmasq contains multiple vulnerabilities

Overview: Dnsmasq versions 2.77 and earlier contain multiple vulnerabilities. Description: Multiple vulnerabilities have been reported in dnsmasq. CWE-122: Heap-based Buffer Overflow - CVE-2017-14491; CWE-122: Heap-based Buffer Overflow - CVE-2017-14492; CWE-121: Stack-based Buffer Overflow -...

9.8CVSS

8.8AI Score

0.923EPSS

2017-10-02 12:00 AM
566
fedora

[SECURITY] Fedora 27 Update: ejabberd-17.01-5.fc27

ejabberd is a Free and Open Source distributed fault-tolerant Jabber/XMPP server. It is mostly written in Erlang, and runs on many platforms (tested on Linux, FreeBSD, NetBSD, Solaris, Mac OS X and Windows...

1.6AI Score

2017-10-01 06:19 PM
10
kitploit

Lynis 2.5.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

6.9AI Score

2017-09-10 10:05 PM
11
kitploit

ike-scan - Discover and fingerprint IKE hosts (IPsec VPN Servers)

Discover and fingerprint IKE hosts (IPsec VPN Servers). Building and Installing ike-scan uses the standard GNU autoconf and automake tools, so installation is the normal process: Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code Run cd ike-scan to enter...

7.4AI Score

2017-08-25 02:30 PM
20
kitploit

Nmap 7.60 - Free Security Scanner For Network Exploration & Security Audits

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP...

7.5AI Score

2017-08-02 03:09 PM
106
cert

Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency

Overview Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing....

4.2CVSS

6.2AI Score

0.004EPSS

2017-07-27 12:00 AM
513
veracode

Cross-Site Request Forgery(CSRF)

Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The attacks exist because it does not properly check session key validity on password-protected lesson modules, allowing the authenticated users to hijack the request sent to (1) mod/lesson/mediafile.php or (2)...

5.7AI Score

0.023EPSS

2017-07-26 05:27 AM
5
kitploit

Lynis 2.5.2 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

7.1AI Score

2017-07-12 12:12 AM
45
zdt

NetBSD - Stack Clash (PoC) Exploit

Exploit for netbsd/x86 platform in category dos /...

-0.8AI Score

0.0005EPSS

2017-06-29 12:00 AM
53
exploitdb

9.8CVSS

9.7AI Score

EPSS

2017-06-28 12:00 AM
22
exploitpack

NetBSD - Stack Clash (PoC)

NetBSD - Stack Clash...

9.8CVSS

-0.9AI Score

0.025EPSS

2017-06-28 12:00 AM
24
myhack58

Stack Clash vulnerabilities in Linux may be exploited by hackers to obtain local root privileges

Last month, Qualys security researchers found a vulnerability called "Stack Clash" in a variety of Unix-based systems; the vulnerability could allow an attacker on a UNIX system to gain root privileges and take over the attacked computer. Currently security researchers discovered this flaw and are working with.....

0.5AI Score

2017-06-25 12:00 AM
36
xen

blkif responses leak backend stack data

ISSUE DESCRIPTION The block interface response structure has some discontiguous fields. Certain backends populate the structure fields of an otherwise uninitialized instance of this structure on their stacks, leaking data through the (internal or trailing) padding field. IMPACT A malicious...

6.5CVSS

1.4AI Score

0.001EPSS

2017-06-20 11:58 AM
31
thn

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

Update: Find working Exploits and Proof-of-Concepts at the bottom of this article. Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to...

8.7AI Score

0.002EPSS

2017-06-19 08:49 PM
43
qualysblog

Visualizing the Stack Clash Vulnerability with Dashboards

Security teams should apply vendor patches immediately to protect their Linux, OpenBSD, NetBSD, FreeBSD and Solaris infrastructure from The Stack Clash vulnerability (also see the security advisory). To help in that effort, this blog post describes a new built-in Qualys AssetView dashboard to...

6.8AI Score

2017-06-19 05:57 PM
18
cve

CVE-2017-1000375

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier...

9.8CVSS

9.7AI Score

0.025EPSS

2017-06-19 04:29 PM
40
nvd

CVE-2017-1000375

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier...

9.8CVSS

9.8AI Score

0.025EPSS

2017-06-19 04:29 PM
nvd

CVE-2017-1000378

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...

9.8CVSS

9.7AI Score

0.006EPSS

2017-06-19 04:29 PM
1
prion

Design/Logic Flaw

A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier...

9.8CVSS

9.6AI Score

0.002EPSS

2017-06-19 04:29 PM
2
prion

Code injection

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier...

9.8CVSS

9.7AI Score

0.025EPSS

2017-06-19 04:29 PM
5
prion

Code injection

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...

9.8CVSS

9.5AI Score

0.006EPSS

2017-06-19 04:29 PM
4
cve

CVE-2017-1000374

A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier...

9.8CVSS

9.6AI Score

0.002EPSS

2017-06-19 04:29 PM
26
nvd

CVE-2017-1000374

A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier...

9.8CVSS

9.7AI Score

0.002EPSS

2017-06-19 04:29 PM
1
cve

CVE-2017-1000378

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...

9.8CVSS

9.6AI Score

0.006EPSS

2017-06-19 04:29 PM
28
cvelist

CVE-2017-1000378

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...

9.7AI Score

0.006EPSS

2017-06-19 04:00 PM
cvelist

CVE-2017-1000375

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier...

9.8AI Score

0.025EPSS

2017-06-19 04:00 PM
cvelist

CVE-2017-1000374

A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier...

9.8AI Score

0.002EPSS

2017-06-19 04:00 PM
1
qualysblog

The Stack Clash

What is the Stack Clash? The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code. Qualys researchers discovered....

0.4AI Score

0.002EPSS

2017-06-19 03:14 PM
1457
threatpost

Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access

Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors have made patches available today, and systems running Linux, OpenBSD,...

0.7AI Score

0.002EPSS

2017-06-19 01:05 PM
21
n0where

Network Mapper: Nmap

The Network Mapper Nmap is a free and open source utility for network discovery and security auditing. Network mapper was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for.....

-0.3AI Score

2017-06-15 05:40 AM
14
kitploit

Hashcat v3.6.0 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable.....

7.6AI Score

2017-06-13 10:12 PM
48
kitploit

Lynis 2.5.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

7.8CVSS

7.5AI Score

0.0004EPSS

2017-05-05 02:35 PM
26
freebsd_advisory

FreeBSD-SA-17:04.ipfilter

FreeBSD-SA-17:04.ipfilter Security Advisory, The FreeBSD Project. Topic: ipfilter(4) fragment handling panic. Category: contrib. Module: ipfilter. Announced: 2017-04-27. Credits:....

7.5CVSS

-0.4AI Score

0.004EPSS

2017-04-27 12:00 AM
nvd

CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source.....

9.8CVSS

9.3AI Score

0.007EPSS

2017-04-26 05:59 AM
cve

CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source.....

9.8CVSS

9.2AI Score

0.007EPSS

2017-04-26 05:59 AM
36
debiancve

CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source.....

9.8CVSS

8.7AI Score

0.007EPSS

2017-04-26 05:59 AM
10
prion

Directory traversal

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source.....

9.8CVSS

9.2AI Score

0.007EPSS

2017-04-26 05:59 AM
3
cvelist

CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source.....

9.3AI Score

0.007EPSS

2017-04-26 05:28 AM
ubuntucve

CVE-2017-8283

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source.....

9.8CVSS

4.9AI Score

0.007EPSS

2017-04-26 12:00 AM
10
kitploit

Lynis 2.4.7 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

7.1AI Score

2017-03-30 02:13 PM
10
kitploit

Lynis 2.4.4 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

7.1AI Score

2017-03-05 02:30 PM
9
kitploit

Lynis 2.4.3 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

6.9AI Score

2017-02-23 02:33 PM
8
veracode

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service (DoS). A flaw in OpenSSL allows attackers to cause a double free through DTLS...

5.4AI Score

0.889EPSS

2017-02-07 01:37 AM
33
veracode

Denial Of Service (DoS) Through Memory Consumption

OpenSSL is vulnerable to denial of service (DoS) through memory consumption. This can be triggered through a DTLS handshake method which forces OpenSSL to process a large amount of data, exhausting the...

5.5AI Score

0.887EPSS

2017-02-07 01:31 AM
18
veracode

Information Disclosure

OpenSSL is vulnerable to information disclosure. When pretty printing through the OBJ_obj2txt function in crypto/objects/obj_dat.c, it is possible for attackers to read from the process stack memory. This is caused because OpenSSL does not ensure the presence of \0...

5.4AI Score

0.47EPSS

2017-02-07 01:12 AM
12
veracode

Denial Of Service (DoS) Through Memory Overwrite

OpenSSL is vulnerable to denial of service (DoS) attacks through memory overwrite and client application crash. If a multithreaded client connects to a malicious server using a resumed session, it is possible to trigger a race condition in the ssl_parse_serverhello_tlsext function which allows an.....

4.9AI Score

0.024EPSS

2017-02-07 01:07 AM
15
veracode

Denial Of Service (DoS) Through Null Pointer Dereference

OpenSSL is vulnerable to denial of service (DoS) attacks through a null pointer dereference. This can be triggered at remote DTLS servers by a handshake message where the ciphersuite is specified as a (1) anonymous DH or (2) anonymous ECDH...

5.6AI Score

0.016EPSS

2017-02-07 01:02 AM
16
veracode

Man-in-the-Middle (MitM)

OpenSSL is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible through the ssl23_get_client_hello function in s23_srvr.c. It can be triggered by a ClientHello message fragment which forces OpenSSL to negotiate using the TLS 1.0 protocol instead of a higher, more secure...

5.1AI Score

0.007EPSS

2017-02-07 12:57 AM
22
veracode

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible due to multiple buffer overflows in crypto/srp/srp_lib.c. The buffer overflows can be triggered by an invalid SRP g, A or B...

4.6AI Score

0.912EPSS

2017-02-07 12:49 AM
25
veracode

Denial Of Service (DoS) Through Memory Consumption

OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because there is a memory leak in d1_srtp.c which allows remote attackers to consume all the memory through a handshake...

4.3AI Score

0.823EPSS

2017-02-07 12:45 AM
29
Total number of security vulnerabilities: 2307