27 matches found
EUVD-2012-4504
Malware in sbrugna...
FreeBSD : FreeBSD -- GELI silently omits the keyfile if read from stdin (3fcab88b-47bc-11ee-8e38-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3fcab88b-47bc-11ee-8e38-002590c1f29c advisory. - When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple...
CVE-2023-0751
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
Design/Logic Flaw
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
CVE-2023-0751 GELI silently omits the keyfile if read from stdin
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
CVE-2023-0751 GELI silently omits the keyfile if read from stdin
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
CVE-2023-0751
CVE-2023-0751 affects GELI on FreeBSD: reading a key file from stdin fails to reuse the key file when initializing multiple providers, causing the second and subsequent devices to use a NULL user key. If only a key file is provided (no passphrase), the master key may be encrypted with an empty ke...
GELI security vulnerability
GELI is a block device level disk encryption utility from the FreeBSD Foundation. A security vulnerability exists in GELI that stems from the fact that when reading a key file from standard input, it does not reuse the key file to initialize multiple providers at once, causing the second and...
FreeBSD-SA-23:01.geli
FreeBSD-SA-23:01.geli Security Advisory The FreeBSD Project Topic: GELI silently omits the keyfile if read from stdin Category: core Module: geli Announced: 2023-02-08...
FreeBSD -- GELI silently omits the keyfile if read from stdin
Problem Description: When GELI reads a key file from a standard input, it doesn't store it anywhere. If the user tries to initialize multiple providers at once, for the second and subsequent devices the standard input stream will be already empty. In this case, GELI silently uses a NULL key as th...
HANA DB credentials exposed to XSA applications
Application: SAP HANA Versions Affected: 1.0 SPS11, SPS12 and 2.0 with XS Advanced Vendor URL: SAP Bug: Information Disclosure Reported: 20.06.2017 Vendor response: 21.06.2017 Date of Public Advisory: 14.11.2017 Reference: SAP Security Note 2508673 Author: Mathieu Geli ERPScan VULNERABILITY...
SAP NetWeaver UMEADMIN 7.50 Directory Creation
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: http://SAP.com Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli ERPScan...
SAP Message Server HTTP remote DoS
Application: SAP KERNEL Versions Affected: SAP KERNEL 7.21-7.49 Vendor URL: SAP Bugs: Denial of Service Reported: 18.08.2016 Vendor response: 19.08.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2358972 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Denial of...
FreeBSD : FreeBSD -- Insecure default GELI keyfile permissions (0b65f297-600a-11e6-a6c3-14dae9d210b8)
The default permission set by the bsdinstall(8) installer when configuring full disk encrypted ZFS is too open. Impact: A local attacker may be able to get a copy of the geli(8) provider's keyfile which is located at a fixed location.
SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...
Design/Logic Flaw
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...
CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...
CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...
CVE-2015-1415
FreeBSD 10.x installations using the bsdinstall installer with full-disk encrypted ZFS store the GELI master key in /boot/encryption.key with permissions 0644, exposing the key to local users. Root cause: default keyfile permissions are too open (world-readable) instead of 0600. Impact: local att...
FreeBSD weak permissions
Weak ZFS and GELI key files permissions...