20 matches found
EUVD-2017-10103
Malware in sbrugna...
EUVD-2012-4504
Malware in sbrugna...
Information disclosure
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance IRI. External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface e.g. fxp0 thus...
CVE-2018-0052 Junos OS: Unauthenticated remote root access possible when RSH service is enabled
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...
CVE-2017-1087
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...
Privilege escalation
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...
CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...
FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory Information Title: FreeBSD 10.x ZFS encryption.key disclosure CVE-2015-1415 Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-1415.txt.asc Date published: 2015-04-07 Vendors contacted: FreeBSD Release mode: Coordinated release...
XADV-2013005 FreeBSD 10 <= nand Driver IOCTL Kernel Memory Leak Bug
XADV-2013005 FreeBSD 10 = nand Driver IOCTL Kernel Memory Leak Bug 1. Overview The nand driver in freebsd = 10 has a vulnerability to leak arbitrary kernel memory to the userspace. It's occured at nandioctl kernel function and because no proper initialize the allocated kernel memory. It's the...
CVE-2013-6832
The nandioctl function in sys/dev/nand/nandgeom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...
Design/Logic Flaw
The qlseioctl function in sys/dev/qlxge/qlsioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...
Design/Logic Flaw
The nandioctl function in sys/dev/nand/nandgeom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...
CVE-2013-6833
The qlseioctl function in sys/dev/qlxge/qlsioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call...
FreeBSD 10 nand Driver IOCTL Kernel Memory Leak Bug
The nand driver in FreeBSD versions 10 and below has a vulnerability that leaks arbitrary kernel memory to the userspace. XADV-2013005 FreeBSD 10 site: http://www.x90c.org References: 1 http://www.unix.com/man-page/freebsd/9/malloc/ 2...
FreeBSD 10 qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak
The qlxge/qlxgbe driver in FreeBSD versions 10 and below has vulnerabilities that leak arbitrary kernel memory to the userspace. XADV-2013006 FreeBSD site: http://www.x90c.org References: 1 http://fxr.watson.org/fxr/source/dev/qlxge/README.txt?v=FREEBSD10 2...
CVE-2012-4578
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack...
Design/Logic Flaw
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack...
CVE-2012-4578
The CVE-2012-4578 entry describes a vulnerability in the geli encryption provider 7 before r239184 on FreeBSD 10 where a weak Master Key is used. This weakness could allow a local attacker to defeat the cryptographic protection via brute-forcing. Documents identify the affected component as geli ...
CVE-2012-4578
The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack...
FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:09.pseudofs Security Advisory The FreeBSD Project Topic: Spurious mutex unlock Category: core Module: pseudofs Announced: 2010-11-10 Credits: Przemyslaw Frasun...