CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 2CVE-2015-1415 – FreeBSD 10.x ZFS encryption.key Disclosure
https://notcve.org/view.php?id=CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. El instalador bsdinstall en FreeBSD 10.x anterior a 10.1 p9, cuando configura ZFS codificado de disco completo, utiliza permisos de lectura universal para el fichero de claves GELI (/boot/encryption.key), lo que permite a usuarios locales obtener información sensible de claves mediante la lectura del fichero. FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk. • http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html http://www.securityfocus.com/archive/1/535209/100/0/threaded http://www.securitytracker.com/id/1032042 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2015-1414
https://notcve.org/view.php?id=CVE-2015-1414
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. Desbordamiento de enteros en FreeBSD anterior a 8.4 p24, 9.x anterior a 9.3 p10. 10.0 anterior a p18, y 10.1 anterior a p6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete IGMP, lo que provoca un cálculo de tamaño incorrecto y una reserva de memoria insuficiente. • http://www.debian.org/security/2015/dsa-3175 http://www.securityfocus.com/bid/72777 http://www.securitytracker.com/id/1031798 https://kc.mcafee.com/corporate/index?page=content&id=SB10107 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc https://www.pfsense.org/security/advisories/pfSense-SA-15_02.igmp.asc •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8613
https://notcve.org/view.php?id=CVE-2014-8613
The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. El módulo sctp en FreeBSD 10.1 anterior a p5, 10.0 anterior a p17, 9.3 anterior a p9, y 8.4 anterior a p23 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y pánico del kernel) a través de un fragmento RE_CONFIG manipulado. • http://www.securityfocus.com/bid/72345 http://www.securitytracker.com/id/1031649 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 4CVE-2014-8612 – FreeBSD - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8612
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. Múltiples errors en el indice del array en el módulo Stream Control Transmission Protocol (SCTP) en FreeBSD 10.1 anterior a p5, 10.0 anterior a p17, 9.3 anterior a p9, y 8.4 anterior a p23 permiten a usuarios locales (1) ganar privilegios a través del id flujo en la función setsockopt, cuando configura la opción SCTIP_SS_VALUE, o (2) leer memoria del kernel arbitraria a través del id flujo en la función getsockopt, cuando consigue la opción SCTP_SS_PRIORITY. • https://www.exploit-db.com/exploits/35938 http://seclists.org/fulldisclosure/2015/Jan/107 http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities http://www.securityfocus.com/archive/1/534563/100/0/threaded http://www.securityfocus.com/bid/72342 http://www.securitytracker.com/id/1031648 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-8476
https://notcve.org/view.php?id=CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. La función setlogin en FreeBSD 8.4 hasta 10.1-RC4 no inicializa el buffer usado para guardar el nombre del login, lo que permite a usuarios locales obtener información sensible desde la memoria del kernel a través de una llamada a getlogin, lo que devuelve el buffer entero. • http://secunia.com/advisories/61118 http://secunia.com/advisories/62218 http://www.debian.org/security/2014/dsa-3070 https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A25.setlogin.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •