CVE-2015-2923
https://notcve.org/view.php?id=CVE-2015-2923
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La implementación del protocolo Neighbor Discovery (ND) en la pila de IPv6 en FreeBSD versiones hasta 10.1, permite a atacantes remotos reconfigurar una configuración de hop-limit por medio de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). • http://openwall.com/lists/oss-security/2015/04/04/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc • CWE-20: Improper Input Validation •
CVE-2015-1415 – FreeBSD 10.x ZFS encryption.key Disclosure
https://notcve.org/view.php?id=CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. El instalador bsdinstall en FreeBSD 10.x anterior a 10.1 p9, cuando configura ZFS codificado de disco completo, utiliza permisos de lectura universal para el fichero de claves GELI (/boot/encryption.key), lo que permite a usuarios locales obtener información sensible de claves mediante la lectura del fichero. FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk. • http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html http://www.securityfocus.com/archive/1/535209/100/0/threaded http://www.securitytracker.com/id/1032042 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1414
https://notcve.org/view.php?id=CVE-2015-1414
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. Desbordamiento de enteros en FreeBSD anterior a 8.4 p24, 9.x anterior a 9.3 p10. 10.0 anterior a p18, y 10.1 anterior a p6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete IGMP, lo que provoca un cálculo de tamaño incorrecto y una reserva de memoria insuficiente. • http://www.debian.org/security/2015/dsa-3175 http://www.securityfocus.com/bid/72777 http://www.securitytracker.com/id/1031798 https://kc.mcafee.com/corporate/index?page=content&id=SB10107 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc https://www.pfsense.org/security/advisories/pfSense-SA-15_02.igmp.asc •
CVE-2014-8613
https://notcve.org/view.php?id=CVE-2014-8613
The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. El módulo sctp en FreeBSD 10.1 anterior a p5, 10.0 anterior a p17, 9.3 anterior a p9, y 8.4 anterior a p23 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y pánico del kernel) a través de un fragmento RE_CONFIG manipulado. • http://www.securityfocus.com/bid/72345 http://www.securitytracker.com/id/1031649 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc •
CVE-2014-0998 – FreeBSD - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-0998
Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access. Error en propiedad signedness de un entero, en el controlador de consola vt (anteriormente Newcons) en FreeBSD versión 9.3 y anteriores a p10 y versión 10.1 y anteriores a p6, permite a los usuarios locales causar una denegación de servicio (bloqueo) y posiblemente alcanzar privilegios por medio de un valor negativo en una llamada ioctl VT_WAITACTIVE, que desencadena un error de índice de matriz y acceso a la memoria del kernel fuera de límites. • https://www.exploit-db.com/exploits/35938 http://seclists.org/fulldisclosure/2015/Jan/107 http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities http://www.securityfocus.com/archive/1/534563/100/0/threaded https://www.freebsd.org/security/advisories/FreeBSD-EN-15:01.vt.asc • CWE-189: Numeric Errors •