CVE-2012-2143 – crypt(): DES encrypted password weakness
https://notcve.org/view.php?id=CVE-2012-2143
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. La función crypt_des (también conocido como crypt basado en DES), en FreeBSD v9.0-RELEASE-p2, tal y como se utiliza en PHP, PostgreSQL y otros productos, no procesa las contraseñas en claro si la contraseña contiene un carácter de 0x80, lo que hace más fácil para los atacantes dependientes del contexto a la hora de obtener acceso a través de un intento de autenticación con una subcadena inicial con la contraseña, tal y como se demuestra con una contraseña Unicode. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34 http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html http://lists.fedoraproject.org • CWE-310: Cryptographic Issues •
CVE-2010-1938 – FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)
https://notcve.org/view.php?id=CVE-2010-1938
Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd. Error Off-by-oneen en la función __opiereadrec en readrec.c en libopie en OPIE v2.4.1-test1 y anteriores, utilizada en FreeBSD v6.4 hasta v8.1-PRERELEASE y otras plataformas, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de un nombre de usuraio largo, como se ha demostrado mediante un comando USER largo en el ftpd FreeBSD v8.0. • https://www.exploit-db.com/exploits/12762 http://blog.pi3.com.pl/?p=111 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584932 http://secunia.com/advisories/39963 http://secunia.com/advisories/39966 http://secunia.com/advisories/45136 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc http://securityreason.com/achievement_securityalert/87 http://securityreason.com/securityalert/7450 http://securitytracker.com/id?1024040 http://securitytracker.com/id?1025709 http • CWE-189: Numeric Errors •
CVE-2009-2649 – FreeBSD 6/8 - ata Device Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-2649
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value. El controlador IATA (ata) en FreeBSD v6.0 y v8.0, cuando está disponible la lectura en el directorio /dev, permite a usuarios locales provocar una denegación de servicio (kernel panic) a través de ciertas peticiones IOCTL con un "count" largo, que provoca una llamada para la reserva de memoria (malloc) con un valor largo. • https://www.exploit-db.com/exploits/9134 http://www.securityfocus.com/bid/35645 http://www.securitytracker.com/id?1022538 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5736 – FreeBSD 6.4 - Netgraph Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-5736
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets. Múltiples vulnerabilidades sin especificar en FreeBSD 6 antes de 6.4-STABLE, 6.3 antes de 6.3-RELEASE-p7, 6.4 antes de 6.4-RELEASE-p1, 7.0 antes de 7.0-RELEASE-p7, 7.1 antes de 7.1-RC2 y 7 antes de 7.1-PRERELEASE permite a usuarios locales obtener privilegios mediante vectores de ataque desconocidos relacionados con punteros de funciones que "no están correctamente inicializados" para sockets(1) netgraph y (2) bluetooth. • https://www.exploit-db.com/exploits/16951 http://osvdb.org/50936 http://secunia.com/advisories/33209 http://security.freebsd.org/advisories/FreeBSD-SA-08:13.protosw.asc http://securityreason.com/securityalert/8124 http://www.exploit-db.com/exploits/16951 http://www.securityfocus.com/bid/32976 http://www.securitytracker.com/id?1021491 https://exchange.xforce.ibmcloud.com/vulnerabilities/47570 https://www.exploit-db.com/exploits/7581 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •