FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 012809ce-83f3-11ea-92ab-00163e433440
Description: OpenSSL remote denial of service vulnerability

Problem Description:

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognized signature algorithm is received from the peer.

Impact:

A malicious peer could exploit the NULL pointer dereference crash, causing a denial of service attack.


Discovery 2020-04-21
Entry 2020-04-21
Modified 2020-04-22
FreeBSD
ge 12.1 lt 12.1_4

openssl
ge 1.1.1,1 lt 1.1.1g,1

CVE-2020-1967
SA-20:11.openssl
https://www.openssl.org/news/secadv/20200421.txt
VuXML ID: 01d729ca-1143-11e6-b55e-b499baebfeaf
Description: OpenSSL -- multiple vulnerabilities

OpenSSL reports:

Memory corruption in the ASN.1 encoder

Padding oracle in AES-NI CBC MAC check

EVP_EncodeUpdate overflow

EVP_EncryptUpdate overflow

ASN.1 BIO excessive memory allocation

EBCDIC overread (OpenSSL only)


Discovery 2016-05-03
Entry 2016-05-03
Modified 2016-08-09
openssl
< 1.0.2_11

linux-c6-openssl
< 1.0.1e_8

libressl
ge 2.3.0 lt 2.3.4

< 2.2.7

libressl-devel
< 2.3.4

FreeBSD
ge 10.3 lt 10.3_2

ge 10.2 lt 10.2_16

ge 10.1 lt 10.1_33

ge 9.3 lt 9.3_41

https://www.openssl.org/news/secadv/20160503.txt
https://marc.info/?l=openbsd-tech&m=146228598730414
CVE-2016-2105
CVE-2016-2106
CVE-2016-2107
CVE-2016-2108
CVE-2016-2109
CVE-2016-2176
SA-16:17.openssl
VuXML ID: 022a4c77-2da4-11e1-b356-00215c6a37bb
Description: proftpd -- arbitrary code execution vulnerability with chroot

The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports:

If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code(...).

Proftpd has a problem of the same nature.


Discovery 2011-11-30
Entry 2011-12-23
Modified 2012-01-29
FreeBSD
ge 7.3 lt 7.3_9

ge 7.4 lt 7.4_5

ge 8.1 lt 8.1_6

ge 8.2 lt 8.2_5

proftpd
proftpd-mysql
< 1.3.3g_1

proftpd-devel
< 1.3.3.r4_3,1

SA-11:07.chroot
http://seclists.org/fulldisclosure/2011/Nov/452
VuXML ID: 0282269d-bbee-11e6-b1cf-14dae9d210b8
Description: FreeBSD -- link_ntoa(3) buffer overflow

Problem Description:

A specially crafted argument can trigger a static buffer overflow in the library, with possibility to rewrite following static buffers that belong to other library functions.

Impact:

Due to very limited use of the function in the existing applications, and limited length of the overflow, exploitation of the vulnerability does not seem feasible. None of the utilities and daemons in the base system are known to be vulnerable. However, careful review of third party software that may use the function was not performed.


Discovery 2016-12-06
Entry 2016-12-06
Modified 2016-12-08
FreeBSD
ge 11.0 lt 11.0_5

ge 10.3 lt 10.3_14

ge 10.2 lt 10.2_27

ge 10.1 lt 10.1_44

ge 9.3 lt 9.3_52

CVE-2016-6559
SA-16:37.libc
VuXML ID: 03175e62-5494-11e4-9cc1-bc5ff4fb5e7b
Description: OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. [CVE-2014-3513].

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.

Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].


Discovery 2014-10-15
Entry 2014-10-15
Modified 2016-08-09
openssl
ge 1.0.1 lt 1.0.1_16

mingw32-openssl
ge 1.0.1 lt 1.0.1j

linux-c6-openssl
< 1.0.1e_1

FreeBSD
ge 8.4 lt 8.4_17

ge 9.1 lt 9.1_20

ge 9.2 lt 9.2_13

ge 9.3 lt 9.3_3

ge 10.0 lt 10.0_10

SA-14:23.openssl
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
https://www.openssl.org/news/secadv_20141015.txt
VuXML ID: 077c2dca-8f9a-11db-ab33-000e0c2e438a
Description: openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)

Problem Description

When verifying a PKCS#1 v1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes.

Impact

OpenSSL will incorrectly report some invalid signatures as valid. When an RSA public exponent of 3 is used, or more generally when a small public exponent is used with a relatively large modulus (e.g., a public exponent of 17 with a 4096-bit modulus), an attacker can construct a signature which OpenSSL will accept as a valid PKCS#1 v1.5 signature.

Workaround

No workaround is available.


Discovery 2006-09-06
Entry 2006-12-19
Modified 2016-08-09
FreeBSD
ge 6.1 lt 6.1_6

ge 6.0 lt 6.0_11

ge 5.5 lt 5.5_4

ge 5.4 lt 5.4_18

ge 5.3 lt 5.3_33

< 4.11_21

openssl
gt 0.9.8 lt 0.9.8c_9

< 0.9.7k_0

CVE-2006-4339
SA-06:19.openssl
VuXML ID: 0792e7a7-8e37-11d8-90d1-0020ed76ef5a
Description: CVS path validation errors

Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which files to update. In another case, the CVS server accepts relative path names from the client when determining which files to transmit, including those containing references to parent directories (`../').

These programming errors generally only have a security impact when dealing with remote CVS repositories.

A malicious CVS server may cause a CVS client to overwrite arbitrary files on the client's system.

A CVS client may request RCS files from a remote system other than those in the repository specified by $CVSROOT. These RCS files need not be part of any CVS repository themselves.


Discovery 2004-04-14
Entry 2004-04-14
Modified 2004-05-05
cvs+ipv6
le 1.11.5_1

FreeBSD
ge 5.2 lt 5.2.1_5

ge 4.9 lt 4.9_5

ge 4.8 lt 4.8_18

CVE-2004-0180
CVE-2004-0405
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102
SA-04:07.cvs
VuXML ID: 08ac7b8b-bb30-11da-b2fb-000e0c2e438a
Description: sendmail -- race condition vulnerability

Problem Description

A race condition has been reported to exist in the handling by sendmail of asynchronous signals.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root.

Workaround

There is no known workaround other than disabling sendmail.


Discovery 2006-03-22
Entry 2006-03-24
Modified 2006-06-09
sendmail
gt 8.13 lt 8.13.6

FreeBSD
ge 6.0 lt 6.0_6

ge 5.4 lt 5.4_13

ge 5.3 lt 5.3_28

ge 4.11 lt 4.11_16

ge 4.10 lt 4.10_22

CVE-2006-0058
SA-06:13.sendmail
VuXML ID: 0ac1aace-f7b9-11da-9156-000e0c2e438a
Description: ypserv -- Inoperative access controls in ypserv

Problem Description

There are two documented methods of restricting access to NIS maps through ypserv(8): through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets" access restrictions to be inadvertently disabled.

Impact

ypserv(8) will not load or process any of the networks or hosts specified in the /var/yp/securenets file, rendering those access controls ineffective.

Workaround

One possible workaround is to use /etc/hosts.allow for access control, as shown by examples in that file.

Another workaround is to use a firewall (e.g., ipfw(4), ipf(4), or pf(4)) to limit access to RPC functions from untrusted systems or networks, but due to the complexities of RPC, it might be difficult to create a set of firewall rules which accomplish this without blocking all access to the machine in question.


Discovery 2006-05-31
Entry 2006-06-09
FreeBSD
ge 5.3 lt 5.3_30

ge 5.4 lt 5.4_15

ge 5.5 lt 5.5_1

ge 6.0 lt 6.0_8

ge 6.1 lt 6.1_1

CVE-2006-2655
SA-06:15.ypserv
VuXML ID: 0b65f297-600a-11e6-a6c3-14dae9d210b8
Description: FreeBSD -- Insecure default GELI keyfile permissions

Problem Description:

The default permission set by bsdinstall(8) installer when configuring full disk encrypted ZFS is too open.

Impact:

A local attacker may be able to get a copy of the geli(8) provider's keyfile which is located at a fixed location.


Discovery 2015-04-07
Entry 2016-08-11
FreeBSD
ge 10.1 lt 10.1_9

CVE-2015-1415
SA-15:08.bsdinstall
VuXML ID: 0b8d01a4-a0d2-11e6-9ca2-d050996490d0
Description: BIND -- Remote Denial of Service vulnerability

ISC reports:

A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c.


Discovery 2016-11-01
Entry 2016-11-02
bind99
< 9.9.9P4

bind910
< 9.10.4P4

bind911
< 9.11.0P1

bind9-devel
le 9.12.0.a.2016.10.21

FreeBSD
ge 9.3 lt 9.3_50

CVE-2016-8864
SA-16:34.bind
https://kb.isc.org/article/AA-01434/
VuXML ID: 0b8d7194-ca88-11e3-9d8d-c80aa9043978
Description: OpenSSL -- Remote Data Injection / DoS

Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are prone to a race condition which may allow a remote attacker to inject random data into other connections.


Discovery 2010-02-09
Entry 2014-04-23
Modified 2016-08-09
openssl
ge 1.0.1 lt 1.0.1_11

mingw32-openssl
ge 1.0.1 le 1.0.1g

FreeBSD
ge 10.0 lt 10.0_2

https://rt.openssl.org/Ticket/Display.html?id=2167
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
SA-14:09.openssl
CVE-2010-5298
VuXML ID: 0c6759dd-600a-11e6-a6c3-14dae9d210b8
Description: FreeBSD -- shell injection vulnerability in patch(1)

Problem Description:

Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to run commands in addition to the desired SCCS or RCS commands.

Impact:

This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against a specially crafted patch file, which could be leveraged to obtain elevated privileges.


Discovery 2015-07-28
Entry 2016-08-11
FreeBSD
ge 10.1 lt 10.1_16

CVE-2015-1416
SA-15:14.bsdpatch
VuXML ID: 0d090952-600a-11e6-a6c3-14dae9d210b8
Description: FreeBSD -- shell injection vulnerability in patch(1)

Problem Description:

Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands.

Impact:

This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against a specially crafted patch file, which could be leveraged to obtain elevated privileges.


Discovery 2015-08-05
Entry 2016-08-11
FreeBSD
ge 10.1 lt 10.1_17

CVE-2015-1418
SA-15:18.bsdpatch
VuXML ID: 0d584493-600a-11e6-a6c3-14dae9d210b8
Description: FreeBSD -- routed(8) remote denial of service vulnerability

Problem Description:

The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.

Impact:

Upon receipt of a query from a source which is not on a directly connected network, routed(8) will trigger an assertion and terminate. The affected system's routing table will no longer be updated. If the affected system is a router, its routes will eventually expire from other routers' routing tables, and its networks will no longer be reachable unless they are also connected to another router.


Discovery 2015-08-05
Entry 2016-08-11
FreeBSD
ge 10.1 lt 10.1_17

ge 9.3 lt 9.3_22

CVE-2015-5674
SA-15:19.routed
VuXML ID: 0da8a68e-600a-11e6-a6c3-14dae9d210b8
Description: FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser

Problem Description:

Multiple integer overflows have been discovered in the XML_GetBuffer() function in the expat library.

Impact:

The integer overflows may be exploited by using specifically crafted XML data and lead to infinite loop, or a heap buffer overflow, which results in a Denial of Service condition, or enables remote attackers to execute arbitrary code.


Discovery 2015-08-18
Entry 2016-08-11
FreeBSD
ge 10.1 lt 10.1_18

ge 10.2 lt 10.2_1

ge 9.3 lt 9.3_23

CVE-2015-1283
SA-15:20.expat
VuXML ID: 0dc91089-ca41-11df-aade-0050568f000c
Description: FreeBSD -- Unvalidated input in nfsclient

Problem Description:

The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.


Discovery 2010-05-27
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 7.2 lt 7.2_8

ge 7.3 lt 7.3_1

ge 8.0 lt 8.0_3

SA-10:06.nfsclient
VuXML ID: 0e5d6969-600a-11e6-a6c3-14dae9d210b8
Description: FreeBSD -- rpcbind(8) remote denial of service [REVISED]

Problem Description:

In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in undefined behavior that may crash the rpcbind(8) daemon.

Impact:

A remote attacker who can send specifically crafted packets to the rpcbind(8) daemon can cause it to crash, resulting in a denial of service condition.


Discovery 2015-09-29
Entry 2016-08-11
FreeBSD
ge 10.2 lt 10.2_5

ge 10.1 lt 10.1_22

ge 9.3 lt 9.3_28

CVE-2015-7236
SA-15:24.rpcbind
VuXML ID: 0f020b7b-e033-11e1-90a2-000c299b62e1
Description: FreeBSD -- named(8) DNSSEC validation Denial of Service

Problem description:

BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure.


Discovery 2012-07-24
Entry 2012-08-07
FreeBSD
ge 7.4 lt 7.4_10

ge 8.1 lt 8.1_13

ge 8.2 lt 8.2_10

ge 8.3 lt 8.3_4

ge 9.0 lt 9.0_4

SA-12:05.bind
CVE-2012-3817
VuXML ID: 0f37d765-c5d4-11db-9f82-000e0c2e438a
Description: OpenSSL -- Multiple problems in crypto(3)

Problem Description:

Several problems have been found in OpenSSL:

  • During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop.
  • A buffer overflow exists in the SSL_get_shared_ciphers function.
  • A NULL pointer may be dereferenced in the SSL version 2 client code.

In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used.

Impact:

Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack.

An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server.

A malicious SSL server can cause clients connecting using SSL version 2 to crash.

Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack.

Workaround:

No workaround is available, but not all of the vulnerabilities mentioned affect all applications.


Discovery 2006-09-28
Entry 2007-02-26
Modified 2016-08-09
openssl
< 0.9.7l_0

ge 0.9.8 lt 0.9.8d_0

FreeBSD
ge 6.1 lt 6.1_9

ge 6.0 lt 6.0_14

ge 5.5 lt 5.5_7

ge 5.4 lt 5.4_21

ge 5.3 lt 5.3_36

ge 4.11 lt 4.11_24

CVE-2006-2937
CVE-2006-2938
CVE-2006-2940
CVE-2006-3738
CVE-2006-4343
SA-06:23.openssl
VuXML ID: 0fcd3af0-a0fe-11e6-b1cf-14dae9d210b8
Description: FreeBSD -- OpenSSL Remote DoS vulnerability

Problem Description:

Due to improper handling of alert packets, OpenSSL would consume an excessive amount of CPU time processing undefined alert messages.

Impact:

A remote attacker who can initiate handshakes with an OpenSSL based server can cause the server to consume a lot of computation power with very little bandwidth usage, and may be able to use this technique in a leveraged Denial of Service attack.


Discovery 2016-11-02
Entry 2016-11-02
Modified 2017-02-22
FreeBSD
ge 10.3 lt 10.3_12

ge 10.2 lt 10.2_25

ge 10.1 lt 10.1_42

ge 9.3 lt 9.3_50

openssl
< 1.0.2i,1

openssl-devel
< 1.1.0a

linux-c6-openssl
< 1.0.1e_13

linux-c7-openssl-libs
< 1.0.1e_3

CVE-2016-8610
SA-16:35.openssl
http://seclists.org/oss-sec/2016/q4/224
VuXML ID: 107c7a76-beaa-11eb-b87a-901b0ef719ab
Description: FreeBSD -- Missing message validation in libradius(3)

Problem Description:

libradius did not perform sufficient validation of received messages.

rad_get_attr(3) did not verify that the attribute length is valid before subtracting the length of the Type and Length fields. As a result, it could return success while also providing a bogus length of SIZE_T_MAX - 2 for the Value field.

When processing attributes to find an optional authenticator, is_valid_response() failed to verify that each attribute length is non-zero and could thus enter an infinite loop.

Impact:

A server may use libradius(3) to process messages from RADIUS clients. In this case, a malicious client could trigger a denial-of-service in the server. A client using libradius(3) to process messages from a server is susceptible to the same problem.

The impact of the rad_get_attr(3) bug depends on how the returned length is validated and used by the consumer. It is possible that libradius(3) applications will crash or enter an infinite loop when calling rad_get_attr(3) on untrusted RADIUS messages.


Discovery 2021-05-27
Entry 2021-05-27
FreeBSD
ge 13.0 lt 13.0_1

ge 12.2 lt 12.2_7

ge 11.4 lt 11.4_10

CVE-2021-29629
SA-21:12.libradius
VuXML ID: 10d73529-7f4b-11e4-af66-00215af774f0
Description: unbound -- can be tricked into following an endless series of delegations; this consumes a lot of resources

Unbound developer reports:

The resolver can be tricked into following an endless series of delegations; this consumes a lot of resources.


Discovery 2014-12-08
Entry 2014-12-09
Modified 2016-08-09
unbound
< 1.5.1

FreeBSD
ge 10.0 lt 10.0_14

ge 10.1 lt 10.1_2

http://unbound.net/downloads/CVE-2014-8602.txt
SA-14:30.unbound
CVE-2014-8602
VuXML ID: 11a84092-8f9f-11db-ab33-000e0c2e438a
Description: gzip -- multiple vulnerabilities

Problem Description

Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop.

Impact

The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer dereference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time.

Workaround

No workaround is available.


Discovery 2006-09-19
Entry 2006-12-19
Modified 2016-08-09
FreeBSD
ge 6.1 lt 6.1_7

ge 6.0 lt 6.0_12

ge 5.5 lt 5.5_5

ge 5.4 lt 5.4_19

ge 5.3 lt 5.3_34

< 4.11_22

gzip
< 1.3.12

CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
SA-06:21.gzip
VuXML ID: 13031d98-9bd1-11e2-a7be-8c705af55518
Description: FreeBSD -- BIND remote denial of service

A flaw in a library used by BIND allows an attacker to deliberately cause excessive memory consumption by the named(8) process. This affects both recursive and authoritative servers.


Discovery 2013-04-02
Entry 2013-04-02
Modified 2016-08-09
FreeBSD
ge 9.0 lt 9.0_7

ge 9.1 lt 9.1_2

CVE-2013-2266
SA-13:04.bind
https://kb.isc.org/article/AA-00871
VuXML ID: 180e9a38-060f-4c16-a6b7-49f3505ff22a
Description: kernel -- information disclosure when using HTT

Problem description and impact

When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.

Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a multi-user system, it may be possible to steal cryptographic keys used in applications such as OpenSSH or SSL-enabled web servers.

NOTE: Similar problems may exist in other simultaneous multithreading implementations, or even some systems in the absence of simultaneous multithreading. However, current research has only demonstrated this flaw in Hyper-Threading Technology, where shared memory caches are used.

Workaround

Systems not using processors with Hyper-Threading Technology support are not affected by this issue. On systems which are affected, the security flaw can be eliminated by setting the "machdep.hlt_logical_cpus" tunable:

# echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf

The system must be rebooted in order for tunables to take effect.

Use of this workaround is not recommended on "dual-core" systems, as this workaround will also disable one of the processor cores.


Discovery 2005-05-13
Entry 2005-05-13
FreeBSD
ge 5.4 lt 5.4_1

ge 5.0 lt 5.3_15

ge 4.11 lt 4.11_9

< 4.10_14

CVE-2005-0109
SA-05:09.htt
http://www.daemonology.net/hyperthreading-considered-harmful/
VuXML ID: 185ff22e-c066-11e1-b5e0-000c299b62e1
Description: FreeBSD -- Incorrect crypt() hashing

Problem description:

There is a programming error in the DES implementation used in crypt() when handling input which contains characters that cannot be represented with 7-bit ASCII.

When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.


Discovery 2012-05-30
Entry 2012-06-27
FreeBSD
ge 7.4 lt 7.4_8

ge 8.1 lt 8.1_10

ge 8.2 lt 8.2_8

ge 8.3 lt 8.3_2

ge 9.0 lt 9.0_2

SA-12:02.crypt
CVE-2012-2143
VuXML ID: 18dc48fe-ca42-11df-aade-0050568f000c
Description: FreeBSD -- Integer overflow in bzip2 decompression

Problem Description:

When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.


Discovery 2010-09-20
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 6.4 lt 6.4_11

ge 7.1 lt 7.1_14

ge 7.3 lt 7.3_3

ge 8.0 lt 8.0_5

ge 8.1 lt 8.1_1

SA-10:08.bzip2
VuXML ID: 1959e847-d4f0-11e3-84b0-0018fe623f2b
Description: OpenSSL -- NULL pointer dereference / DoS

OpenBSD and David Ramos report:

Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service.


Discovery 2014-05-02
Entry 2014-05-03
Modified 2016-08-09
openssl
ge 1.0.1 lt 1.0.1_12

FreeBSD
ge 10.0 lt 10.0_3

http://www.openwall.com/lists/oss-security/2014/05/02/5
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
SA-14:10.openssl
CVE-2014-0198
VuXML ID: 197f444f-e8ef-11d9-b875-0001020eed82
Description: bzip2 -- denial of service and permission race vulnerabilities

Problem Description

Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions.

Impact

The first problem can cause bzip2 to extract a bzip2 archive to an infinitely large file. If bzip2 is used in automated processing of untrusted files, this could be exploited by an attacker to create a denial-of-service situation by exhausting disk space or by consuming all available CPU time.

The second problem can allow a local attacker to change the permissions of local files owned by the user executing bzip2 providing that they have write access to the directory in which the file is being extracted.

Workaround

Do not uncompress bzip2 archives from untrusted sources and do not uncompress files in directories where untrusted users have write access.


Discovery 2005-03-30
Entry 2005-06-29
Modified 2016-08-09
FreeBSD
ge 5.4 lt 5.4_3

ge 5.0 lt 5.3_17

ge 4.11 lt 4.11_11

< 4.10_16

bzip2
< 1.0.3_1

CVE-2005-0953
CVE-2005-1260
SA-05:14.bzip2
http://scary.beasts.org/security/CESA-2005-002.txt
VuXML ID: 1a71a972-8ee7-11e6-a590-14dae9d210b8
Description: FreeBSD -- Multiple libarchive vulnerabilities

Problem Description:

Flaws in libarchive's handling of symlinks and hard links allow overwriting files outside the extraction directory, or permission changes to a directory outside the extraction directory.

Impact:

An attacker who can control freebsd-update's or portsnap's input to tar(1) can change file content or permissions on files outside of the update tool's working sandbox.


Discovery 2016-10-05
Entry 2016-10-10
FreeBSD
ge 11.0 lt 11.0_1

ge 10.3 lt 10.3_10

ge 10.2 lt 10.2_23

ge 10.1 lt 10.1_40

SA-16:31.libarchive
VuXML ID: 1d56cfc5-3970-11eb-929d-d4c9ef517024
Description: OpenSSL -- NULL pointer de-reference

The OpenSSL project reports:

EDIPARTYNAME NULL pointer de-reference (High)

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.


Discovery 2020-12-08
Entry 2020-12-08
Modified 2020-12-15
openssl
ge 1.0.2,1 lt 1.1.1i,1

FreeBSD
ge 12.2 lt 12.2_2

ge 12.1 lt 12.1_12

ge 11.4 lt 11.4_6

https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-1971
SA-20:33.openssl
VuXML ID: 1db1ed59-af07-11d8-acb9-000d610a3b12
Description: buffer cache invalidation implementation issues

Programming errors in the implementation of the msync(2) system call involving the MS_INVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents.

In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk.


Discovery 2004-04-24
Entry 2004-05-26
FreeBSD
ge 5.0 lt 5.2_8

ge 4.9 lt 4.9_9

ge 4.0 lt 4.8_22

CVE-2004-0435
SA-04:11.msync
VuXML ID: 1e1421f0-8d6f-11e0-89b4-001ec9578670
Description: BIND -- Large RRSIG RRsets and Negative Caching DoS

ISC reports:

A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.


Discovery 2011-05-26
Entry 2011-06-04
Modified 2016-08-09
bind9-sdb-ldap
bind9-sdb-postgresql
< 9.4.3.4

bind96
< 9.6.3.1.ESV.R4.1

bind97
< 9.7.3.1

bind98
< 9.8.0.2

FreeBSD
ge 7.3 lt 7.3_6

ge 7.4 lt 7.4_2

ge 8.1 lt 8.1_4

ge 8.2 lt 8.2_2

CVE-2011-1910
SA-11:02.bind
http://www.isc.org/software/bind/advisories/cve-2011-1910
VuXML ID: 1f8de723-dab3-11e7-b5af-a4badb2f4699
Description: FreeBSD -- WPA2 protocol vulnerability

Problem Description:

A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.

Impact:

Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.


Discovery 2017-10-16
Entry 2017-12-06
FreeBSD
ge 11.1 lt 11.1_2

ge 11.0 lt 11.0_13

ge 10.4 lt 10.4_1

ge 10.3 lt 10.3_22

CVE-2017-1307
CVE-2017-1308
SA-17:07.wpa
VuXML ID: 1fa4c9f1-cfca-11da-a672-000e0c2e438a
Description: FreeBSD -- FPU information disclosure

Problem Description

On "7th generation" and "8th generation" processors manufactured by AMD, including the AMD Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, and Sempron, the fxsave and fxrstor instructions do not save and restore the FOP, FIP, and FDP registers unless the exception summary bit (ES) in the x87 status word is set to 1, indicating that an unmasked x87 exception has occurred.

This behaviour is consistent with documentation provided by AMD, but is different from processors from other vendors, which save and restore the FOP, FIP, and FDP registers regardless of the value of the ES bit. As a result of this discrepancy remaining unnoticed until now, the FreeBSD kernel does not restore the contents of the FOP, FIP, and FDP registers between context switches.

Impact

On affected processors, a local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.

Workaround

No workaround is available, but systems which do not use AMD Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, or Sempron processors are not vulnerable.


Discovery 2006-04-19
Entry 2006-04-19
Modified 2016-08-09
FreeBSD
ge 6.0 lt 6.0_7

ge 5.4 lt 5.4_14

ge 5.3 lt 5.3_29

ge 5 lt 5.3

ge 4.11 lt 4.11_17

ge 4.10 lt 4.10_23

< 4.10

CVE-2006-1056
SA-06:14.fpu
VuXML ID: 22b41bc5-4279-11ea-b184-f8b156ac3ff9
Description: FreeBSD -- libfetch buffer overflow

Problem Description:

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers.

Impact:

An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution.


Discovery 2020-01-28
Entry 2020-01-29
FreeBSD
ge 12.1 lt 12.1_2

ge 12.0 lt 12.0_13

ge 11.3 lt 11.3_6

CVE-2020-7450
SA-20:01.libfetch
VuXML ID: 268a4289-fc84-11e8-be12-a4badb2f4699
Description: FreeBSD -- Multiple vulnerabilities in NFS server code

Problem Description:

Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet.

Impact:

A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.


Discovery 2018-11-27
Entry 2018-12-10
FreeBSD
ge 11.2 lt 11.2_5

CVE-2018-1715
SA-18:13.nfs
VuXML ID: 275b845e-f56c-11db-8163-000e0c2e438a
Description: FreeBSD -- IPv6 Routing Header 0 is dangerous

Problem Description

There is no mechanism for preventing IPv6 routing headers from being used to route packets over the same link(s) many times.

Impact

An attacker can "amplify" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts.

An attacker can use vulnerable hosts to "concentrate" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less.

Other attacks may also be possible.

Workaround

No workaround is available.


Discovery 2007-04-26
Entry 2007-04-28
Modified 2016-08-09
FreeBSD
ge 6.2 lt 6.2_4

ge 6.1 lt 6.1_16

ge 5.5 lt 5.5_12

CVE-2007-2242
SA-07:03.ipv6
VuXML ID: 2920c449-4850-11e5-825f-c80aa9043978
Description: OpenSSH -- PAM vulnerabilities

OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.

Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users.

Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution.


Discovery 2015-08-11
Entry 2015-08-21
Modified 2016-08-09
openssh-portable
< 7.0.p1,1

FreeBSD
ge 10.2 lt 10.2_2

ge 10.1 lt 10.1_19

ge 9.3 lt 9.3_24

http://www.openssh.com/txt/release-7.0
CVE-2015-6563
CVE-2015-6564
CVE-2015-6565
SA-15:22.openssh
2ae114de-c064-11e1-b5e0-000c299b62e1FreeBSD -- OpenSSL multiple vulnerabilities

Problem description:

OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accepts SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576]

OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619]

If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]


Discovery 2012-05-03
Entry 2012-06-27
FreeBSD
ge 7.4 lt 7.4_8

ge 8.1 lt 8.1_10

ge 8.2 lt 8.2_8

ge 8.3 lt 8.3_2

ge 9.0 lt 9.0_2

SA-12:01.openssl
CVE-2011-4576
CVE-2011-4619
CVE-2011-4109
CVE-2012-0884
CVE-2012-2110
2b6e47b1-0598-11da-86bc-000e0c2e438aipsec -- Incorrect key usage in AES-XCBC-MAC

Problem description

A programming error in the implementation of the AES-XCBC-MAC algorithm for authentication resulted in a constant key being used instead of the key specified by the system administrator.

Impact

If the AES-XCBC-MAC algorithm is used for authentication in the absence of any encryption, then an attacker may be able to forge packets which appear to originate from a different system and thereby succeed in establishing an IPsec session. If access to sensitive information or systems is controlled based on the identity of the source system, this may result in information disclosure or privilege escalation.


Discovery 2005-07-27
Entry 2005-08-05
FreeBSD
ge 5.4 lt 5.4_6

ge 5.* lt 5.3_20

CVE-2005-2359
SA-05:19.ipsec
2c6acefd-8194-11d8-9645-0020ed76ef5asetsockopt(2) IPv6 sockets input validation error

From the FreeBSD Security Advisory:

A programming error in the handling of some IPv6 socket options within the setsockopt(2) system call may result in memory locations being accessed without proper validation.

It may be possible for a local attacker to read portions of kernel memory, resulting in disclosure of sensitive information. A local attacker can cause a system panic.


Discovery 2004-03-29
Entry 2004-03-29
Modified 2004-05-05
FreeBSD
ge 5.2 lt 5.2.1_4

CVE-2004-0370
SA-04:06.ipv6
2c948527-d823-11e6-9171-14dae9d210b8FreeBSD -- OpenSSH multiple vulnerabilities

Problem Description:

The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across a forwarded agent socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. [CVE-2016-10010]

Impact:

A remote attacker who has control of a forwarded agent socket on a remote system and has the ability to write files on the system running the ssh-agent(1) agent can run arbitrary code under the same user credentials. Because the attacker must already have some control on both systems, it is relatively hard to exploit this vulnerability in a practical attack. [CVE-2016-10009]

When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server. [CVE-2016-10010]


Discovery 2017-01-11
Entry 2017-01-11
Modified 2017-01-13
openssh-portable
< 7.3.p1_5,1

FreeBSD
ge 11.0 lt 11.0_7

ge 10.3 lt 10.3_16

CVE-2016-10009
CVE-2016-10010
SA-17:01.openssh
2da3cb25-6571-11e9-8e67-206a8a720317FreeBSD -- EAP-pwd missing commit validation

Problem Description:

The EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not properly validate the received scalar and element values in EAP-pwd-Commit messages. This could result in attacks that are able to complete the EAP-pwd authentication exchange without the attacker having to know the password in use.

See https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt for a detailed description of the bug.
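The following is an added example, not code from hostapd or wpa_supplicant, showing the three checks a receiver has to run on a peer's Commit before using it: scalar range, element on the curve and not the point at infinity, and rejection of a reflected copy of its own Commit. The check list follows the w1.fi advisory's description of what was missing; the use of P-256, the crypto/elliptic API, and the way NewCommit derives its element (scalar*G rather than the real password-element computation) are assumptions made for the example.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Commit holds the scalar and the affine element (X, Y) carried in an
// EAP-pwd-Commit message.
type Commit struct {
	Scalar *big.Int
	X, Y   *big.Int
}

// ValidatePeerCommit applies the checks a receiver must run before mixing a
// peer's Commit into its own computation (added illustration, not the w1.fi
// code):
//   - the scalar must satisfy 1 < scalar < q, q being the group order;
//   - the element must be an affine point on the curve and not the point at
//     infinity;
//   - the peer's scalar and element must differ from our own, otherwise our
//     own Commit is being reflected back at us.
func ValidatePeerCommit(curve elliptic.Curve, peer, own Commit) error {
	if peer.Scalar == nil || peer.X == nil || peer.Y == nil {
		return errors.New("eap-pwd: incomplete commit")
	}
	q := curve.Params().N
	if peer.Scalar.Cmp(big.NewInt(1)) <= 0 || peer.Scalar.Cmp(q) >= 0 {
		return errors.New("eap-pwd: scalar outside (1, q)")
	}
	if peer.X.Sign() == 0 && peer.Y.Sign() == 0 {
		return errors.New("eap-pwd: element is the point at infinity")
	}
	if !curve.IsOnCurve(peer.X, peer.Y) {
		return errors.New("eap-pwd: element is not on the curve")
	}
	if own.Scalar != nil && own.X != nil && own.Y != nil &&
		peer.Scalar.Cmp(own.Scalar) == 0 && peer.X.Cmp(own.X) == 0 && peer.Y.Cmp(own.Y) == 0 {
		return errors.New("eap-pwd: commit reflected from our own message")
	}
	return nil
}

// NewCommit produces a well-formed Commit for the example: a random scalar in
// [2, q-1] and scalar*G as the element. Real EAP-pwd derives the element from
// the password element and a separate random mask; the validation is the same.
func NewCommit(curve elliptic.Curve) (Commit, error) {
	q := curve.Params().N
	k, err := rand.Int(rand.Reader, new(big.Int).Sub(q, big.NewInt(2)))
	if err != nil {
		return Commit{}, err
	}
	k.Add(k, big.NewInt(2))
	x, y := curve.ScalarBaseMult(k.Bytes())
	return Commit{Scalar: k, X: x, Y: y}, nil
}

func main() {
	curve := elliptic.P256()
	own, _ := NewCommit(curve)
	peer, _ := NewCommit(curve)
	fmt.Println("honest peer:", ValidatePeerCommit(curve, peer, own))
	fmt.Println("reflection: ", ValidatePeerCommit(curve, own, own))
	offCurve := Commit{Scalar: peer.Scalar, X: peer.X, Y: new(big.Int).Add(peer.Y, big.NewInt(1))}
	fmt.Println("off-curve:  ", ValidatePeerCommit(curve, offCurve, own))
	zero := Commit{Scalar: big.NewInt(0), X: peer.X, Y: peer.Y}
	fmt.Println("zero scalar:", ValidatePeerCommit(curve, zero, own))
}
```

The reflection check is the one that matters for CVE-2019-9497: an attacker who echoes the server's own Commit can otherwise finish the exchange without the password, and the range and on-curve checks close the invalid scalar/element cases covered by the other two CVEs.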

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support.


Discovery 2019-04-10
Entry 2019-04-23
Modified 2019-07-30
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9497
CVE-2019-9498
CVE-2019-9499
SA-19:03.wpa
2dc764fa-40c0-11dc-aeac-02e0185f8d72FreeBSD -- Buffer overflow in tcpdump(1)

Problem Description:

An un-checked return value in the BGP dissector code can result in an integer overflow. This value is used in subsequent buffer management operations, resulting in a stack based buffer overflow under certain circumstances.

Impact:

By crafting malicious BGP packets, an attacker could exploit this vulnerability to execute code or crash the tcpdump process on the target system. This code would be executed in the context of the user running tcpdump(1). It should be noted that tcpdump(1) requires privileges in order to open live network interfaces.

Workaround:

No workaround is available.


Discovery 2007-08-01
Entry 2007-08-02
Modified 2016-08-09
tcpdump
< 3.9.6

FreeBSD
ge 6.2 lt 6.2_7

ge 6.1 lt 6.1_19

ge 5.5 lt 5.5_15

CVE-2007-3798
SA-07:06.tcpdump
2f794295-7b69-11dd-80ba-000bcdf0a03bFreeBSD -- Remote kernel panics on IPv6 connections

Problem Description:

In case of an incoming ICMPv6 'Packet Too Big Message', there is an insufficient check on the proposed new MTU for a path to the destination.

Impact:

When the kernel is configured to process IPv6 packets and has active IPv6 TCP sockets, a specifically crafted ICMPv6 'Packet Too Big Message' could cause the TCP stack of the kernel to panic.

Workaround:

Systems without INET6 / IPv6 support are not vulnerable and neither are systems which do not listen on any IPv6 TCP sockets and have no active IPv6 connections.

Filter ICMPv6 'Packet Too Big Messages' using a firewall, but this will at the same time break PMTU support for IPv6 connections.


Discovery 2008-09-03
Entry 2008-09-05
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_4

ge 7.0 lt 7.0_4

CVE-2008-3530
SA-08:09.icmp6
30e4ed7b-1ca6-11da-bc01-000e0c2e438abind9 -- denial of service

Problem description

A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.

Impact

On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests.

Workaround

DNSSEC is not enabled by default, and the "dnssec-enable" directive is not normally present. If DNSSEC has been enabled, disable it by changing the "dnssec-enable" directive to "dnssec-enable no;" in the named.conf(5) configuration file.


Discovery 2005-01-25
Entry 2005-09-03
bind9
eq 9.3.0

FreeBSD
ge 5.3 lt 5.3_16

938617
CVE-2005-0034
http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html?lang=en
http://www.isc.org/sw/bind/bind9.3.php#security
32498c8f-fc84-11e8-be12-a4badb2f4699FreeBSD -- Insufficient bounds checking in bhyve(8) device model

Problem Description:

Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) process, possibly permitting arbitrary code execution.

Impact:

A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.


Discovery 2018-12-04
Entry 2018-12-10
FreeBSD
ge 11.2 lt 11.2_6

CVE-2018-1716
SA-18:14.bhyve
32db37a5-50c3-11db-acf3-000c6ec775d9openssh -- multiple vulnerabilities

Problem Description

The CRC compensation attack detector in the sshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. [CVE-2006-4924]

A race condition exists in a signal handler used by the sshd(8) daemon to handle the LoginGraceTime option, which can potentially cause some cleanup routines to be executed multiple times. [CVE-2006-5051]

Impact

An attacker sending specially crafted packets to sshd(8) can cause a Denial of Service by using 100% of CPU time until a connection timeout occurs. Since this attack can be performed over multiple connections simultaneously, it is possible to cause up to MaxStartups (10 by default) sshd processes to use all the CPU time they can obtain. [CVE-2006-4924]

The OpenSSH project believes that the race condition can lead to a Denial of Service or potentially remote code execution, but the FreeBSD Security Team has been unable to verify the exact impact. [CVE-2006-5051]

Workaround

The attack against the CRC compensation attack detector can be avoided by disabling SSH Protocol version 1 support in sshd_config(5).

There is no workaround for the second issue.


Discovery 2006-09-25
Entry 2006-09-30
FreeBSD
ge 6.1 lt 6.1_10

ge 6.0 lt 6.0_15

ge 5.5 lt 5.5_8

ge 5.4 lt 5.4_22

ge 5.0 lt 5.3_37

< 4.11_25

openssh
< 4.4,1

openssh-portable
< 4.4.p1,1

20216
CVE-2006-4924
CVE-2006-5051
SA-06:22.openssh
http://www.openssh.com/txt/release-4.4
3679fd10-c5d1-11e5-b85f-0018fe623f2bopenssl -- multiple vulnerabilities

OpenSSL project reports:

  1. Historically OpenSSL only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk. (CVE-2016-0701)
  2. A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2. (CVE-2015-3197)
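Two checks follow from the first item above: whether a DH modulus is a "safe" prime at all, and, when it is not (or when the exponent is reused), whether a peer's public value actually lies in the intended prime-order subgroup rather than a small one. The code below is an added example written for this page, not OpenSSL code; the toy group (p = 23, q = 11) is constructed for the demonstration and the subgroup order q is assumed to be known to the caller, as it is for safe primes and for X9.42 parameter files.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

var one = big.NewInt(1)

// IsSafePrime reports whether p is a "safe" prime: p is prime and so is
// q = (p-1)/2. With a safe prime the only subgroups of Z_p^* have order
// 1, 2, q or 2q, so a peer cannot confine our public value to a small
// subgroup and learn our exponent modulo its order. rounds is the number of
// Miller-Rabin rounds handed to ProbablyPrime.
func IsSafePrime(p *big.Int, rounds int) bool {
	if p.Cmp(big.NewInt(5)) < 0 || !p.ProbablyPrime(rounds) {
		return false
	}
	q := new(big.Int).Sub(p, one)
	q.Rsh(q, 1)
	return q.ProbablyPrime(rounds)
}

// ValidatePublicValue runs the checks a DH party should apply to the peer's
// public value y before raising it to its own private exponent:
//  1. 1 < y < p-1, which rejects the degenerate values 0, 1 and p-1;
//  2. y^q mod p == 1, i.e. y lies in the subgroup of prime order q.
// For a safe prime q = (p-1)/2; for X9.42-style parameters q is the subgroup
// order shipped with the parameter file. The second check is what stops a
// peer from learning the private exponent modulo small factors of p-1.
func ValidatePublicValue(p, q, y *big.Int) error {
	pMinus1 := new(big.Int).Sub(p, one)
	if y.Cmp(one) <= 0 || y.Cmp(pMinus1) >= 0 {
		return errors.New("dh: public value outside the range (1, p-1)")
	}
	if new(big.Int).Exp(y, q, p).Cmp(one) != 0 {
		return errors.New("dh: public value not in the order-q subgroup")
	}
	return nil
}

func main() {
	// Toy group (constructed for the example): p = 23 is a safe prime with
	// q = 11, and g = 4 generates the order-11 subgroup.
	p, q, g := big.NewInt(23), big.NewInt(11), big.NewInt(4)
	fmt.Println("23 is a safe prime:", IsSafePrime(p, 20))
	fmt.Println("31 is a safe prime:", IsSafePrime(big.NewInt(31), 20))

	honest := new(big.Int).Exp(g, big.NewInt(3), p) // 4^3 mod 23 = 18, in the subgroup
	fmt.Println("honest value 18:", ValidatePublicValue(p, q, honest))
	// p-1 = -1 mod p has order 2 and is caught by the range check.
	fmt.Println("value p-1:", ValidatePublicValue(p, q, big.NewInt(22)))
	// 10 = 5^3 mod 23 has order 22, so it lies outside the order-11 subgroup.
	fmt.Println("value 10:", ValidatePublicValue(p, q, big.NewInt(10)))
}
```

The subgroup check costs one extra modular exponentiation per handshake; with a safe prime it reduces to confirming y^((p-1)/2) == 1. Setting SSL_OP_SINGLE_DH_USE, as the text above recommends, removes the other precondition of the attack by giving every handshake a fresh exponent.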

Discovery 2016-01-22
Entry 2016-01-28
Modified 2016-08-09
openssl
< 1.0.2_7

mingw32-openssl
ge 1.0.1 lt 1.0.2f

FreeBSD
ge 10.2 lt 10.2_12

ge 10.1 lt 10.1_29

ge 9.3 lt 9.3_36

SA-16:11.openssl
CVE-2016-0701
CVE-2015-3197
https://www.openssl.org/news/secadv/20160128.txt
38f2e3a0-b61e-11ec-9ebc-1c697aa5a594FreeBSD -- zlib compression out-of-bounds write

Problem Description:

Certain inputs can cause zlib's compression routine to overwrite an internal buffer with compressed data. This issue may require the use of uncommon or non-default compression parameters.

Impact:

The out-of-bounds write may result in memory corruption and an application crash or kernel panic.


Discovery 2022-04-06
Entry 2022-04-07
FreeBSD
ge 13.0 lt 13.0_11

ge 12.3 lt 12.3_5

CVE-2018-25032
SA-22:08.zlib
39f6cbff-b30a-11e9-a87f-a4badb2f4699FreeBSD -- telnet(1) client multiple vulnerabilities

Problem Description:

Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers.

This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue.

Impact:

These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1).


Discovery 2019-07-24
Entry 2019-07-30
FreeBSD
ge 12.0 lt 12.0_8

ge 11.2 lt 11.2_12

ge 11.3 lt 11.3_1

CVE-2019-0053
SA-19:12.telnet
3c0237f5-420e-11e7-82c5-14dae9d210b8FreeBSD -- Multiple vulnerabilities of ntp

Problem Description:

A vulnerability was discovered in the NTP server's parsing of configuration directives. [CVE-2017-6464]

A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. [CVE-2017-6462]

A vulnerability was discovered in the NTP server's parsing of configuration directives. [CVE-2017-6463]

A vulnerability was found in NTP, affecting the origin timestamp check function. [CVE-2016-9042]

Impact:

A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. [CVE-2017-6463, CVE-2017-6464]

A malicious device could send crafted messages, causing ntpd to crash. [CVE-2017-6462]

An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service. [CVE-2016-9042]


Discovery 2017-04-12
Entry 2017-05-26
FreeBSD
ge 11.0 lt 11.0_9

ge 10.3 lt 10.3_18

CVE-2016-9042
CVE-2017-6462
CVE-2017-6463
CVE-2017-6464
SA-17:03.ntp
3c7edc7a-f680-11e9-a87f-a4badb2f4699FreeBSD -- Multiple vulnerabilities in bzip2

Problem Description:

The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file.

bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file.

Impact:

An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code.

Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.


Discovery 2019-08-06
Entry 2019-10-24
FreeBSD
ge 12.0 lt 12.0_9

ge 11.3 lt 11.3_2

ge 11.2 lt 11.2_13

CVE-2016-3189
CVE-2019-1290
SA-19:18.bzip2
3c90e093-7c6e-11e2-809b-6c626d99876cFreeBSD -- glob(3) related resource exhaustion

Problem description:

GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient.


Discovery 2013-02-19
Entry 2013-02-21
Modified 2016-08-09
FreeBSD
ge 7.4 lt 7.4_12

ge 8.3 lt 8.3_6

ge 9.0 lt 9.0_6

ge 9.1 lt 9.1_1

SA-13:02.libc
CVE-2010-2632
3cb6f059-c69d-11db-9f82-000e0c2e438abind -- Multiple Denial of Service vulnerabilities

Problem Description:

A type * (ANY) query response containing multiple RRsets can trigger an assertion failure.

Certain recursive queries can cause the nameserver to crash by using memory which has already been freed.

Impact:

A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.

A remote attacker sending recursive queries can cause the nameserver to crash, resulting in a Denial of Service.

Workaround:

There is no workaround available, but systems which are not authoritative servers for DNSSEC signed zones are not affected by the first issue; and systems which do not permit untrusted users to perform recursive DNS resolution are not affected by the second issue. Note that the default configuration for named(8) in FreeBSD allows local access only (which on many systems is equivalent to refusing access to untrusted users).


Discovery 2007-02-09
Entry 2007-02-27
Modified 2016-08-09
named
< 9.3.4

FreeBSD
ge 6.2 lt 6.2_1

ge 6.1 lt 6.1_13

ge 5.5 lt 5.5_11

CVE-2007-0493
CVE-2007-0494
SA-07:02.bind
3d95c9a7-7d5c-11e3-a8c1-206a8a720317ntpd DRDoS / Amplification Attack using ntpdc monlist command

ntp.org reports:

Unrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Add noquery to your default restrictions to block all status queries.

Use disable monitor to disable the "ntpdc -c monlist" command while still allowing other status queries.
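For operators who need to spot the probes rather than just block them, the following is an added example (not ntp.org code) that decodes the fixed header of an NTP mode 7 packet and flags the two monlist request codes named above. The numeric values (implementation 3 for xntpd, request codes 20 and 42) are taken from the reference implementation's ntp_request.h and are an assumption of the example; the sample packets are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Values from the ntpd reference implementation's ntp_request.h; the advisory
// names the two requests but not their numeric codes.
const (
	implXNTPD      = 3
	reqMonGetList  = 20
	reqMonGetList1 = 42
)

// Mode7Header is the eight-octet fixed header of an NTP mode 7 (private)
// packet: response/more/version/mode, auth/sequence, implementation, request
// code, err/nitems and mbz/itemsize.
type Mode7Header struct {
	Response, More bool
	Version, Mode  uint8
	Auth           bool
	Sequence       uint8
	Implementation uint8
	RequestCode    uint8
	Err            uint8
	NumItems       uint16
	MBZ            uint8
	ItemSize       uint16
}

// ParseMode7 decodes the header and refuses anything that is not mode 7.
func ParseMode7(pkt []byte) (Mode7Header, error) {
	if len(pkt) < 8 {
		return Mode7Header{}, errors.New("ntp: packet shorter than a mode 7 header")
	}
	h := Mode7Header{
		Response:       pkt[0]&0x80 != 0,
		More:           pkt[0]&0x40 != 0,
		Version:        (pkt[0] >> 3) & 0x07,
		Mode:           pkt[0] & 0x07,
		Auth:           pkt[1]&0x80 != 0,
		Sequence:       pkt[1] & 0x7f,
		Implementation: pkt[2],
		RequestCode:    pkt[3],
		Err:            pkt[4] >> 4,
		NumItems:       uint16(pkt[4]&0x0f)<<8 | uint16(pkt[5]),
		MBZ:            pkt[6] >> 4,
		ItemSize:       uint16(pkt[6]&0x0f)<<8 | uint16(pkt[7]),
	}
	if h.Mode != 7 {
		return h, errors.New("ntp: not a mode 7 packet")
	}
	return h, nil
}

// IsMonlistProbe reports whether pkt is a MON_GETLIST or MON_GETLIST_1
// request aimed at an ntpd: a request (not a response) carrying the xntpd
// implementation number and one of the two request codes.
func IsMonlistProbe(pkt []byte) bool {
	h, err := ParseMode7(pkt)
	if err != nil || h.Response || h.Implementation != implXNTPD {
		return false
	}
	return h.RequestCode == reqMonGetList || h.RequestCode == reqMonGetList1
}

func main() {
	// Constructed samples: an 8-byte monlist probe, a normal mode 3 client
	// poll, and a mode 7 response.
	samples := map[string][]byte{
		"monlist probe": {0x17, 0x00, 0x03, 0x2a, 0, 0, 0, 0},
		"mode 3 client": {0x1b, 0, 0, 0, 0, 0, 0, 0},
		"mode 7 reply":  {0x97, 0x00, 0x03, 0x2a, 0, 0, 0, 0},
	}
	for name, pkt := range samples {
		fmt.Printf("%-14s monlist=%v\n", name, IsMonlistProbe(pkt))
	}
}
```

On the server side the two mitigations quoted above map to ntp.conf directives: a restrict default line that includes noquery stops ntpd from answering mode 6/7 status queries from unknown sources, and disable monitor switches off the collection that monlist reports; upgrading to 4.2.7p26 or later removes the feature entirely.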


Discovery 2014-01-01
Entry 2014-01-14
Modified 2016-08-09
ntp
< 4.2.7p26

FreeBSD
ge 8.3 lt 8.3_14

ge 8.4 lt 8.4_7

ge 9.1 lt 9.1_10

ge 9.2 lt 9.2_3

CVE-2013-5211
SA-14:02.ntpd
http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
3de342fb-40be-11dc-aeac-02e0185f8d72FreeBSD -- Predictable query ids in named(8)

Problem Description:

When named(8) is operating as a recursive DNS server or sending NOTIFY requests to slave DNS servers, named(8) uses a predictable query id.

Impact:

An attacker who can see the query id for some request(s) sent by named(8) is likely to be able to perform DNS cache poisoning by predicting the query id for other request(s).

Workaround:

No workaround is available.


Discovery 2007-07-24
Entry 2007-08-02
Modified 2016-08-09
named
ge 9.4 lt 9.4.1.1

ge 9.3 lt 9.3.4.1

FreeBSD
ge 6.2 lt 6.2_7

ge 6.1 lt 6.1_19

ge 5.5 lt 5.5_15

CVE-2007-2926
SA-07:07.bind
3e9d2fde-0567-11ec-b69d-4062311215d5FreeBSD -- Remote code execution in ggatec(8)

Problem Description:

The ggatec(8) daemon does not validate the size of a response before writing it to a fixed-sized buffer. This allows a malicious response to overwrite the stack of ggatec(8).

Impact:

A malicious ggated(8) or an attacker in a privileged network position can overwrite the stack with crafted content and potentially execute arbitrary code.


Discovery 2021-08-24
Entry 2021-08-25
FreeBSD
ge 13.0 lt 13.0_4

ge 12.2 lt 12.2_10

ge 11.4 lt 11.4_13

CVE-2021-29630
SA-21:14.ggatec
3ec8f43b-e8ef-11d9-b875-0001020eed82kernel -- TCP connection stall denial of service

Problem Description

Two problems have been discovered in the FreeBSD TCP stack.

First, when a TCP packet containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection.

Second, a TCP packet with the SYN flag set is accepted for established connections, allowing an attacker to overwrite certain TCP options.

Impact

Using either of the two problems an attacker with knowledge of the local and remote IP and port numbers associated with a connection can cause a denial of service situation by stalling the TCP connection. The stalled TCP connection may be closed after some time by the other host.

Workaround

In some cases it may be possible to defend against these attacks by blocking the attack packets using a firewall. Packets used to effect either of these attacks would have spoofed source IP addresses.


Discovery 2005-06-29
Entry 2005-06-29
Modified 2016-08-09
FreeBSD
ge 5.4 lt 5.4_3

ge 5.0 lt 5.3_17

ge 4.11 lt 4.11_11

< 4.10_16

637934
CVE-2005-0356
CVE-2005-2068
SA-05:15.tcp
406779fd-ca3b-11df-aade-0050568f000cFreeBSD -- SSL protocol flaw

Problem Description:

The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters.


Discovery 2009-12-03
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_14

ge 6.4 lt 6.4_8

ge 7.1 lt 7.1_9

ge 7.2 lt 7.2_5

ge 8.0 lt 8.0_1

SA-09:15.ssl
420243e9-a840-11e7-b5af-a4badb2f4699FreeBSD -- heimdal KDC-REP service name validation vulnerability

Problem Description:

There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket.

Impact:

An attacker who has control of the network between a client and the service it talks to will be able to impersonate the service, allowing a successful man-in-the-middle (MITM) attack that circumvents the mutual authentication.


Discovery 2017-07-12
Entry 2017-10-03
FreeBSD
ge 11.0 lt 11.0_11

ge 10.3 lt 10.3_20

CVE-2017-1110
SA-17:05.heimdal
43eaa656-80bc-11e6-bf52-b499baebfeafOpenSSL -- multiple vulnerabilities

OpenSSL reports:

High: OCSP Status Request extension unbounded memory growth

SSL_peek() hang on empty record

SWEET32 Mitigation

OOB write in MDC2_Update()

Malformed SHA512 ticket DoS

OOB write in BN_bn2dec()

OOB read in TS_OBJ_print_bio()

Pointer arithmetic undefined behaviour

Constant time flag not preserved in DSA signing

DTLS buffered message DoS

DTLS replay protection DoS

Certificate message OOB reads

Excessive allocation of memory in tls_get_message_header()

Excessive allocation of memory in dtls1_preprocess_fragment()

NB: LibreSSL is only affected by CVE-2016-6304


Discovery 2016-09-22
Entry 2016-09-22
Modified 2016-10-11
openssl-devel
ge 1.1.0 lt 1.1.0_1

openssl
< 1.0.2i,1

linux-c6-openssl
< 1.0.1e_11

FreeBSD
ge 10.3 lt 10.3_8

ge 10.2 lt 10.2_21

ge 10.1 lt 10.1_38

ge 9.3 lt 9.3_46

https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6304
CVE-2016-6305
CVE-2016-2183
CVE-2016-6303
CVE-2016-6302
CVE-2016-2182
CVE-2016-2180
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2181
CVE-2016-6306
CVE-2016-6307
CVE-2016-6308
SA-16:26.openssl
44449bf7-c69b-11db-9f82-000e0c2e438agtar -- name mangling symlink vulnerability

Problem Description:

Symlinks created using the "GNUTYPE_NAMES" tar extension can be absolute due to lack of proper sanity checks.

Impact:

If an attacker can get a user to extract a specially crafted tar archive the attacker can overwrite arbitrary files with the permissions of the user running gtar. If file system permissions allow it, this may allow the attacker to overwrite important system files (if gtar is being run as root), or important user configuration files such as .tcshrc or .bashrc, which would allow the attacker to run arbitrary commands.

Workaround:

Use "bsdtar", which is the default tar implementation in FreeBSD 5.3 and higher. For FreeBSD 4.x, bsdtar is available in the FreeBSD Ports Collection as ports/archivers/libarchive.
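The sanity check the advisory says gtar lacked, written out as an added example (not gtar's or libarchive's code): before creating any entry, an extractor verifies that the entry name stays below the extraction root, that a symlink target is relative and resolves below the root from the link's own directory, and that a hard link target is below the root too. Go's archive/tar does not model the GNUTYPE_NAMES extension, so the sample archive built here carries the same absolute-target symlink as an ordinary symlink entry; the archive and the root path are constructed for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

var ErrUnsafeEntry = errors.New("tar: entry would escape the extraction root")

// within reports whether p, once cleaned, lies at or below root.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// CheckTarEntry rejects entries that would write outside root: absolute or
// traversing names, symlinks with absolute targets or targets that resolve
// above root, and hard links pointing above root.
func CheckTarEntry(root string, hdr *tar.Header) error {
	root = filepath.Clean(root)
	if filepath.IsAbs(hdr.Name) {
		return fmt.Errorf("%w: absolute name %q", ErrUnsafeEntry, hdr.Name)
	}
	dest := filepath.Join(root, hdr.Name)
	if !within(root, dest) {
		return fmt.Errorf("%w: name %q", ErrUnsafeEntry, hdr.Name)
	}
	switch hdr.Typeflag {
	case tar.TypeSymlink:
		if filepath.IsAbs(hdr.Linkname) {
			return fmt.Errorf("%w: absolute symlink %q -> %q", ErrUnsafeEntry, hdr.Name, hdr.Linkname)
		}
		// A relative target is resolved from the directory the link lives in.
		if !within(root, filepath.Join(filepath.Dir(dest), hdr.Linkname)) {
			return fmt.Errorf("%w: symlink %q -> %q", ErrUnsafeEntry, hdr.Name, hdr.Linkname)
		}
	case tar.TypeLink:
		if filepath.IsAbs(hdr.Linkname) || !within(root, filepath.Join(root, hdr.Linkname)) {
			return fmt.Errorf("%w: hard link %q -> %q", ErrUnsafeEntry, hdr.Name, hdr.Linkname)
		}
	}
	return nil
}

// ScanArchive walks a tar stream and returns the entry names it would allow,
// stopping at the first entry that fails CheckTarEntry.
func ScanArchive(r io.Reader, root string) ([]string, error) {
	tr := tar.NewReader(r)
	var names []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return names, nil
		}
		if err != nil {
			return names, err
		}
		if err := CheckTarEntry(root, hdr); err != nil {
			return names, err
		}
		names = append(names, hdr.Name)
	}
}

// BuildSampleArchive constructs, in memory, an archive of the kind the
// advisory describes: a harmless file followed by a symlink with an absolute
// target pointing at a file the victim would not want replaced.
func BuildSampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	body := []byte("hello\n")
	tw.WriteHeader(&tar.Header{Name: "etc/motd", Mode: 0644, Size: int64(len(body)), Typeflag: tar.TypeReg})
	tw.Write(body)
	tw.WriteHeader(&tar.Header{Name: "home/user/.bashrc", Mode: 0777, Typeflag: tar.TypeSymlink, Linkname: "/etc/passwd"})
	tw.Close()
	return buf.Bytes()
}

func main() {
	names, err := ScanArchive(bytes.NewReader(BuildSampleArchive()), "/tmp/extract")
	fmt.Println("accepted:", names)
	fmt.Println("stopped with:", err)
}
```

Checking names alone is not the whole story: an archive can first create a symlink inside the root and then write through it with a later entry, so an extractor must also create files with lstat/O_NOFOLLOW semantics rather than trusting the path it computed. That is the behaviour bsdtar provides and why the workaround above recommends it.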


Discovery 2006-12-06
Entry 2007-02-27
Modified 2016-08-09
FreeBSD
ge 5.5 lt 5.5_9

ge 4.11 lt 4.11_26

CVE-2006-6097
SA-06:26.gtar
446dbecb-9edc-11d8-9366-0020ed76ef5aheimdal kadmind remote heap buffer overflow

An input validation error was discovered in the kadmind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause kadmind to read an arbitrary amount of data into a minimally-sized buffer on the heap.

A remote attacker may send a specially formatted message to kadmind, causing it to crash or possibly resulting in arbitrary code execution.

The kadmind daemon is part of Kerberos 5 support. However, this bug will only be present if kadmind was built with additional Kerberos 4 support. Thus, only systems that have *both* Heimdal Kerberos 5 and Kerberos 4 installed might be affected.

NOTE: On FreeBSD 4 systems, `kadmind' may be installed as `k5admind'.


Discovery 2004-05-05
Entry 2004-05-05
heimdal
< 0.6.1_1

FreeBSD
ge 4.9 lt 4.9_7

ge 4.0 lt 4.8_20

CVE-2004-0434
SA-04:09.kadmind
45671c0e-a652-11e8-805b-a4badb2f4699FreeBSD -- Unauthenticated EAPOL-Key Decryption Vulnerability

Problem Description:

When using WPA2, EAPOL-Key frames with the Encrypted flag set and without the MIC flag set had their data field decrypted first, without verifying the MIC. When the data field was encrypted using RC4, for example when negotiating TKIP as a pairwise cipher, the unauthenticated but decrypted data was subsequently processed. This opened wpa_supplicant(8) to abuse by decryption and recovery of sensitive information contained in EAPOL-Key messages.

See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt for a detailed description of the bug.
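The ordering bug described above, as an added example that is not wpa_supplicant code: a reduced EAPOL-Key frame is processed once the way the advisory describes (Encrypted flag alone triggers decryption, MIC only checked if the sender set the MIC flag) and once with the MIC verified before any decryption and encrypted key data refused when no MIC covers it. The frame layout is a simplified model, and the key descriptor version 1 primitives (HMAC-MD5 MIC keyed with the KCK, RC4 keyed with IV||KEK with the first 256 keystream octets discarded), the key bytes and the group key are assumptions or constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rc4"
	"encoding/binary"
	"errors"
	"fmt"
)

// Key Information bit positions used here (IEEE 802.11 EAPOL-Key descriptor).
const (
	keyInfoMIC       = 1 << 8
	keyInfoEncrypted = 1 << 12
)

// EAPOLKey is a reduced EAPOL-Key frame carrying only the fields the bug
// involves; a constructed model, not the full wire layout.
type EAPOLKey struct {
	KeyInfo uint16
	IV      [16]byte
	MIC     [16]byte
	KeyData []byte
}

var errMIC = errors.New("eapol: MIC verification failed")

// computeMIC: descriptor version 1 MIC, HMAC-MD5 keyed with the KCK over the
// frame with the MIC field zeroed.
func computeMIC(kck []byte, f *EAPOLKey) [16]byte {
	m := hmac.New(md5.New, kck)
	binary.Write(m, binary.BigEndian, f.KeyInfo)
	m.Write(f.IV[:])
	m.Write(make([]byte, 16))
	m.Write(f.KeyData)
	var out [16]byte
	copy(out[:], m.Sum(nil))
	return out
}

// rc4KeyData: descriptor version 1 key data cipher, RC4 keyed with IV||KEK
// with the first 256 keystream octets discarded. RC4 is symmetric, so one
// function both encrypts and decrypts.
func rc4KeyData(kek []byte, iv [16]byte, data []byte) ([]byte, error) {
	c, err := rc4.NewCipher(append(append([]byte{}, iv[:]...), kek...))
	if err != nil {
		return nil, err
	}
	skip := make([]byte, 256)
	c.XORKeyStream(skip, skip)
	out := make([]byte, len(data))
	c.XORKeyStream(out, data)
	return out, nil
}

// NewFrame builds a frame as a legitimate sender would: key data encrypted
// when the Encrypted flag is set, MIC filled in when the MIC flag is set.
func NewFrame(kck, kek []byte, keyInfo uint16, iv [16]byte, plaintext []byte) (*EAPOLKey, error) {
	f := &EAPOLKey{KeyInfo: keyInfo, IV: iv, KeyData: plaintext}
	if keyInfo&keyInfoEncrypted != 0 {
		enc, err := rc4KeyData(kek, iv, plaintext)
		if err != nil {
			return nil, err
		}
		f.KeyData = enc
	}
	if keyInfo&keyInfoMIC != 0 {
		f.MIC = computeMIC(kck, f)
	}
	return f, nil
}

// ProcessVulnerable reproduces the flawed ordering: the Encrypted flag alone
// triggers decryption, and the MIC is only consulted when the sender set the
// MIC flag. A replayed frame with the MIC flag cleared therefore yields
// decrypted, unauthenticated key data.
func ProcessVulnerable(kck, kek []byte, f *EAPOLKey) ([]byte, error) {
	data := f.KeyData
	if f.KeyInfo&keyInfoEncrypted != 0 {
		var err error
		if data, err = rc4KeyData(kek, f.IV, data); err != nil {
			return nil, err
		}
	}
	if f.KeyInfo&keyInfoMIC != 0 {
		if want := computeMIC(kck, f); !hmac.Equal(want[:], f.MIC[:]) {
			return nil, errMIC
		}
	}
	return data, nil
}

// ProcessFixed refuses encrypted key data that no MIC covers and verifies the
// MIC before any decryption takes place.
func ProcessFixed(kck, kek []byte, f *EAPOLKey) ([]byte, error) {
	if f.KeyInfo&keyInfoEncrypted != 0 && f.KeyInfo&keyInfoMIC == 0 {
		return nil, errors.New("eapol: encrypted key data without MIC")
	}
	if f.KeyInfo&keyInfoMIC != 0 {
		if want := computeMIC(kck, f); !hmac.Equal(want[:], f.MIC[:]) {
			return nil, errMIC
		}
	}
	if f.KeyInfo&keyInfoEncrypted != 0 {
		return rc4KeyData(kek, f.IV, f.KeyData)
	}
	return f.KeyData, nil
}

func main() {
	kck, kek := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16)
	var iv [16]byte
	copy(iv[:], "0123456789abcdef")
	good, _ := NewFrame(kck, kek, keyInfoMIC|keyInfoEncrypted, iv, []byte("constructed group key"))
	replay := *good // attacker replays the captured frame with the MIC flag cleared
	replay.KeyInfo, replay.MIC = keyInfoEncrypted, [16]byte{}
	out, err := ProcessVulnerable(kck, kek, &replay)
	fmt.Printf("vulnerable: %q %v\n", out, err)
	out, err = ProcessFixed(kck, kek, &replay)
	fmt.Printf("fixed:      %q %v\n", out, err)
}
```

Because the KeyInfo field is covered by the MIC, clearing the MIC flag on a captured frame would fail verification in the fixed path even if the MIC flag were somehow left set; the vulnerable path never gets that far, which is the whole defect.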

Impact:

All users of the WPA2 TKIP pairwise cipher are vulnerable to information disclosure, for example of the group key.


Discovery 2018-08-14
Entry 2018-08-22
FreeBSD
ge 11.2 lt 11.2_2

ge 11.1 lt 11.1_13

ge 10.4 lt 10.4_11

CVE-2018-1452
SA-18:11.hostapd
45a95fdd-f680-11e9-a87f-a4badb2f4699FreeBSD -- Insufficient message length validation in bsnmp library

Problem Description:

A function extracting the length from type-length-value encoding is not properly validating the submitted length.

Impact:

A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.
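Both this bsnmp entry and the earlier OpenSSL asn1_d2i_read_bio() entry (CVE-2012-2110) come down to one length field being trusted before it is compared with the bytes actually available. The following is an added example, not bsnmp or OpenSSL code, of a BER tag-length-value reader that checks every length against the remaining buffer before slicing, rejects indefinite-length encodings, and caps the number of length octets so the accumulated length cannot overflow. Single-octet tags are assumed (enough for SNMP); the SNMPv1-style message and the hostile lengths are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// TLV is one decoded BER element (single-octet tag assumed).
type TLV struct {
	Tag   byte
	Value []byte
}

var (
	ErrTruncated  = errors.New("tlv: length runs past the end of the buffer")
	ErrBadLength  = errors.New("tlv: unsupported length encoding")
	ErrIndefinite = errors.New("tlv: indefinite length not allowed")
)

// ReadTLV decodes a single element from buf and returns it with the unconsumed
// remainder. The length is accumulated in a uint64 from at most eight octets
// and compared with the bytes available before any slice is taken, so a
// hostile length cannot wrap or read past the buffer.
func ReadTLV(buf []byte) (TLV, []byte, error) {
	if len(buf) < 2 {
		return TLV{}, nil, ErrTruncated
	}
	tag, first := buf[0], buf[1]
	pos := 2
	var length uint64
	switch {
	case first < 0x80: // short form: the octet is the length
		length = uint64(first)
	case first == 0x80: // indefinite form: not valid in SNMP or DER
		return TLV{}, nil, ErrIndefinite
	default: // long form: low 7 bits count the length octets that follow
		n := int(first & 0x7f)
		if n > 8 {
			return TLV{}, nil, ErrBadLength
		}
		if len(buf) < pos+n {
			return TLV{}, nil, ErrTruncated
		}
		for _, b := range buf[pos : pos+n] {
			length = length<<8 | uint64(b)
		}
		pos += n
	}
	if length > uint64(len(buf)-pos) {
		return TLV{}, nil, ErrTruncated
	}
	end := pos + int(length)
	return TLV{Tag: tag, Value: buf[pos:end]}, buf[end:], nil
}

// ReadAll decodes consecutive sibling elements, e.g. the contents of a SEQUENCE.
func ReadAll(buf []byte) ([]TLV, error) {
	var out []TLV
	for len(buf) > 0 {
		tlv, rest, err := ReadTLV(buf)
		if err != nil {
			return nil, err
		}
		out = append(out, tlv)
		buf = rest
	}
	return out, nil
}

func main() {
	// Constructed SNMPv1-style header: SEQUENCE { INTEGER 0, OCTET STRING "public" }
	msg := []byte{0x30, 0x0b, 0x02, 0x01, 0x00, 0x04, 0x06, 'p', 'u', 'b', 'l', 'i', 'c'}
	seq, _, err := ReadTLV(msg)
	if err != nil {
		panic(err)
	}
	fields, err := ReadAll(seq.Value)
	if err != nil {
		panic(err)
	}
	fmt.Printf("tag %#x, %d fields, community %q\n", seq.Tag, len(fields), fields[1].Value)
	// Hostile length: long form claiming 4 GiB of value inside a 7-byte packet.
	_, _, err = ReadTLV([]byte{0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 0x41})
	fmt.Println("oversized length:", err)
}
```

The comparison that matters is the one after the switch: it is done against len(buf)-pos, the bytes that remain after the length octets themselves, and it happens before pos+length is ever used as an index.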


Discovery 2019-08-06
Entry 2019-10-24
FreeBSD
ge 12.0 lt 12.0_9

ge 11.3 lt 11.3_2

ge 11.2 lt 11.2_13

CVE-2019-5610
SA-19:20.bsnmp
4671cdc9-7c6d-11e2-809b-6c626d99876cFreeBSD -- BIND remote DoS with deliberately crafted DNS64 query

Problem description:

Due to a software defect a crafted query can cause named(8) to crash with an assertion failure.


Discovery 2013-02-19
Entry 2013-02-21
FreeBSD
ge 9.0 lt 9.0_6

ge 9.1 lt 9.1_1

SA-13:01.bind
CVE-2012-5688
46b922a8-c69c-11db-9f82-000e0c2e438aFreeBSD -- Jail rc.d script privilege escalation

Problem Description:

In multiple situations the host's jail rc.d(8) script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail start-up to /var/log/console.log and when mounting and unmounting file systems inside the jail directory structure.

Impact:

Due to the lack of handling of potential symbolic links the host's jail rc.d(8) script is vulnerable to "symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges.

Similarly, by changing directory mount points inside the jail file system structure into symbolic links, it may be possible for a jailed attacker to mount file systems which were meant to be mounted inside the jail at arbitrary points in the host file system structure, or to unmount arbitrary file systems on the host system.

NOTE WELL: The above vulnerabilities occur only when a jail is being started or stopped using the host's jail rc.d(8) script; once started (and until stopped), running jails cannot exploit this.

Workaround:

If the sysctl(8) variable security.jail.chflags_allowed is set to 0 (the default), setting the "sunlnk" system flag on /var, /var/log, /var/log/console.log, and all file system mount points and their parent directories inside the jail(s) will ensure that the console log file and mount points are not replaced by symbolic links. If this is done while jails are running, the administrator must check that an attacker has not replaced any directories with symlinks after setting the "sunlnk" flag.
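The check the rc.d script was missing, shown as an added example that is not the FreeBSD script: before a path under the jail root is used, every directory component is lstat()ed and rejected if it is a symbolic link, and the file itself is opened with O_NOFOLLOW so a symlink in the final component cannot be followed either. The jail root, the temporary directories and the log file name are constructed for the example; the function names are the example's own.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

var (
	ErrSymlinkInPath = errors.New("path component is a symbolic link")
	ErrDotDot        = errors.New("path escapes the jail root")
)

// CheckNoSymlinks walks rel below root one component at a time, lstat()ing
// each, and fails if any component is a symbolic link or a ".." step.
func CheckNoSymlinks(root, rel string) error {
	cur := filepath.Clean(root)
	for _, part := range strings.Split(filepath.ToSlash(filepath.Clean(rel)), "/") {
		switch part {
		case "", ".":
			continue
		case "..":
			return fmt.Errorf("%w: %q", ErrDotDot, rel)
		}
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if err != nil {
			return err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("%w: %s", ErrSymlinkInPath, cur)
		}
	}
	return nil
}

// OpenJailLog opens root/rel for appending (creating it if absent) the way a
// hardened jail start-up would open /var/log/console.log: the directory chain
// is verified first, and O_NOFOLLOW stops the final component from being a
// symlink at open time.
func OpenJailLog(root, rel string) (*os.File, error) {
	if err := CheckNoSymlinks(root, filepath.Dir(rel)); err != nil {
		return nil, err
	}
	return os.OpenFile(filepath.Join(root, rel),
		os.O_WRONLY|os.O_APPEND|os.O_CREATE|syscall.O_NOFOLLOW, 0600)
}

func main() {
	root, err := os.MkdirTemp("", "jail")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	os.MkdirAll(filepath.Join(root, "var/log"), 0755)
	f, err := OpenJailLog(root, "var/log/console.log")
	fmt.Println("plain directory:", err)
	if f != nil {
		f.Close()
	}
	// The jailed root swaps /var/log for a symlink pointing outside the jail.
	os.RemoveAll(filepath.Join(root, "var/log"))
	os.Symlink(os.TempDir(), filepath.Join(root, "var/log"))
	_, err = OpenJailLog(root, "var/log/console.log")
	fmt.Println("symlinked directory:", err)
}
```

There is still a window between the lstat() of a directory and the open() that follows it; a jail root who races it can win. The sunlnk flag described in the workaround removes that race by making the directories unreplaceable in the first place, which is why the advisory recommends it rather than a check in the script.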


Discovery 2007-01-11
Entry 2007-02-27
Modified 2016-08-09
FreeBSD
ge 6.1 lt 6.1_12

ge 6.0 lt 6.0_17

ge 5.5 lt 5.5_15

CVE-2007-0166
SA-07:01.jail
48103b0a-ca3f-11df-aade-0050568f000cFreeBSD -- ntpd mode 7 denial of service

Problem Description:

If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the event and send a mode 7 error response.


Discovery 2010-01-06
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_15

ge 6.4 lt 6.4_9

ge 7.1 lt 7.1_10

ge 7.2 lt 7.2_6

ge 8.0 lt 8.0_2

SA-10:02.ntpd
4b79538b-a450-11e2-9898-001060e06fd4FreeBSD -- Multiple Denial of Service vulnerabilities with named(8)

Problem description:

The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes.

The BIND daemon would lock up when a query is made on specific combinations of RDATA.


Discovery 2012-11-22
Entry 2012-11-24
FreeBSD
ge 7.4 lt 7.4_11

ge 8.3 lt 8.3_5

ge 9.0 lt 9.0_5

SA-12:06.bind
CVE-2012-4244
CVE-2012-5166
4c8d1d72-9b38-11e5-aece-d050996490d0openssl -- multiple vulnerabilities

OpenSSL project reports:

  1. BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
  2. Certificate verify crash with missing PSS parameter (CVE-2015-3194)
  3. X509_ATTRIBUTE memory leak (CVE-2015-3195)
  4. Race condition handling PSK identity hint (CVE-2015-3196)
  5. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Discovery 2015-12-03
Entry 2015-12-05
Modified 2016-08-09
openssl
< 1.0.2_5

mingw32-openssl
ge 1.0.1 lt 1.0.2e

linux-c6-openssl
< 1.0.1e_7

FreeBSD
ge 10.2 lt 10.2_8

ge 10.1 lt 10.1_25

ge 9.3 lt 9.3_31

SA-15:26.openssl
CVE-2015-1794
CVE-2015-3193
CVE-2015-3194
CVE-2015-3195
CVE-2015-3196
https://www.openssl.org/news/secadv/20151203.txt
4c96ecf2-5fd9-11e6-a6c3-14dae9d210b8FreeBSD -- bsnmpd remote denial of service vulnerability

Problem Description:

The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it has received a specifically crafted GETBULK PDU request.

Impact:

This issue could be exploited to execute arbitrary code in the context of the service daemon, or crash the service daemon, causing a denial-of-service.


Discovery 2014-01-14
Entry 2016-08-11
FreeBSD
ge 9.2 lt 9.2_3

ge 9.1 lt 9.1_10

ge 8.4 lt 8.4_7

ge 8.3 lt 8.3_14

CVE-2014-1452
SA-14:01.bsnmpd
4d87d357-202c-11e3-be06-000c29ee3065FreeBSD -- Insufficient credential checks in network ioctl(2)

Problem Description:

As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code.

Network interface drivers, however, assume that the SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK requests have been handled at the network layer, and therefore do not perform input validation or verify the caller's credentials. Typical link-layer actions for these requests may include marking the interface as "up" and resetting the underlying hardware.

Impact:

An unprivileged user with the ability to run arbitrary code can cause any network interface in the system to perform the link layer actions associated with a SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR or SIOCSIFNETMASK ioctl request; or trigger a kernel panic by passing a specially crafted address structure which causes a network interface driver to dereference an invalid pointer.

Although this has not been confirmed, the possibility that an attacker may be able to execute arbitrary code in kernel context cannot be ruled out.


Discovery 2013-09-10
Entry 2013-09-19
Modified 2016-08-09
FreeBSD
ge 9.1 lt 9.1_7

ge 8.4 lt 8.4_4

ge 8.3 lt 8.3_11

CVE-2013-5691
SA-13:12.ifioctl
4ddc78dc-300a-11e1-a2aa-0016ce01e285 krb5-appl -- telnetd code execution vulnerability

The MIT Kerberos Team reports:

When an encryption key is supplied via the TELNET protocol, its length is not validated before the key is copied into a fixed-size buffer. Also see MITKRB5-SA-2011-008.


Discovery 2011-12-23
Entry 2011-12-26
Modified 2012-01-29
FreeBSD
ge 7.3 lt 7.3_9

ge 7.4 lt 7.4_5

ge 8.1 lt 8.1_7

ge 8.2 lt 8.2_5

krb5-appl
< 1.0.2_1

SA-11:08.telnetd
CVE-2011-4862
http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt
4e536c14-9791-11e4-977d-d050992ecde8 OpenSSL -- multiple vulnerabilities

OpenSSL project reports:

DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)

DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)

no-ssl3 configuration sets method to NULL (CVE-2014-3569)

ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)

RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)

DH client certificates accepted without verification [Server] (CVE-2015-0205)

Certificate fingerprints can be modified (CVE-2014-8275)

Bignum squaring may produce incorrect results (CVE-2014-3570)


Discovery 2015-01-08
Entry 2015-01-08
Modified 2016-08-09
openssl
ge 1.0.1 lt 1.0.1_17

mingw32-openssl
ge 1.0.1 lt 1.0.1k

linux-c6-openssl
< 1.0.1e_3

FreeBSD
ge 10.1 lt 10.1_4

ge 10.0 lt 10.0_16

ge 9.3 lt 9.3_8

ge 8.4 lt 8.4_22

SA-15:01.openssl
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
CVE-2015-0205
CVE-2015-0206
https://www.openssl.org/news/secadv_20150108.txt
4eae4f46-b5ce-11e5-8a2b-d050996490d0 ntp -- denial of service vulnerability

Network Time Foundation reports:

NTF's NTP Project has been notified of the following 1 medium-severity vulnerability that is fixed in ntp-4.2.8p5, released on Thursday, 7 January 2016:

NtpBug2956: Small-step/Big-step CVE-2015-5300


Discovery 2015-10-21
Entry 2016-01-08
Modified 2016-08-09
ntp
< 4.2.8p5

ntp-devel
< 4.3.78

FreeBSD
ge 10.2 lt 10.2_9

ge 10.1 lt 10.1_26

ge 9.3 lt 9.3_33

SA-16:02.ntp
CVE-2015-5300
https://www.cs.bu.edu/~goldbe/NTPattack.html
http://support.ntp.org/bin/view/Main/NtpBug2956
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit
50383bde-b25b-11de-8c83-02e0185f8d72 FreeBSD -- Devfs / VFS NULL pointer race condition

Problem Description:

Due to the interaction between devfs and VFS, a race condition exists where the kernel might dereference a NULL pointer.

Impact:

Successful exploitation of the race condition can lead to local kernel privilege escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code with user privileges on the target system.

Workaround:

An errata note, FreeBSD-EN-09:05.null, has been released simultaneously with this advisory, and contains a kernel patch implementing a workaround for a broader class of vulnerabilities. However, prior to those changes, no workaround is available.


Discovery 2009-10-02
Entry 2009-10-06
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_13

ge 6.4 lt 6.4_7

ge 7.1 lt 7.1_8

ge 7.2 lt 7.2_4

SA-09:14.devfs
5237f5d7-c020-11e5-b397-d050996490d0 ntp -- multiple vulnerabilities

Network Time Foundation reports:

NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p6, released on Tuesday, 19 January 2016:

  • Bug 2948 / CVE-2015-8158: Potential Infinite Loop in ntpq. Reported by Cisco ASIG.
  • Bug 2945 / CVE-2015-8138: origin: Zero Origin Timestamp Bypass. Reported by Cisco ASIG.
  • Bug 2942 / CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode. Reported by Cisco ASIG.
  • Bug 2940 / CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list. Reported by Cisco ASIG.
  • Bug 2939 / CVE-2015-7977: reslist NULL pointer dereference. Reported by Cisco ASIG.
  • Bug 2938 / CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames. Reported by Cisco ASIG.
  • Bug 2937 / CVE-2015-7975: nextvar() missing length check. Reported by Cisco ASIG.
  • Bug 2936 / CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers. Reported by Cisco ASIG.
  • Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode. Reported by Cisco ASIG.

Additionally, mitigations are published for the following two issues:

  • Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay attacks. Reported by Cisco ASIG.
  • Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin. Reported by Cisco ASIG.

Discovery 2016-01-20
Entry 2016-01-21
Modified 2016-08-09
ntp
< 4.2.8p6

ntp-devel
< 4.3.90

FreeBSD
ge 10.2 lt 10.2_11

ge 10.1 lt 10.1_28

ge 9.3 lt 9.3_35

SA-16:09.ntp
CVE-2015-7973
CVE-2015-7974
CVE-2015-7975
CVE-2015-7976
CVE-2015-7977
CVE-2015-7978
CVE-2015-7979
CVE-2015-8138
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
52ba7713-9d42-11da-8c1d-000e0c2e438a pf -- IP fragment handling panic

Problem description:

A logic bug in pf's IP fragment cache may result in a packet fragment being inserted twice, violating a kernel invariant.

Impact:

By sending a carefully crafted sequence of IP packet fragments, a remote attacker can cause a system running pf with a ruleset containing a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule to crash.

Workaround:

Do not use 'scrub fragment crop' or 'scrub fragment drop-ovl' rules on systems running pf. In most cases, such rules can be replaced by 'scrub fragment reassemble' rules; see the pf.conf(5) manual page for more details.

Systems which do not use pf, or use pf but do not use the aforementioned rules, are not affected by this issue.


Discovery 2006-01-25
Entry 2006-02-14
Modified 2016-08-09
FreeBSD
ge 6.0 lt 6.0_4

ge 5.4 lt 5.4_10

ge 5.3 lt 5.3_25

CVE-2006-0381
SA-06:07.pf
5536c8e4-36b3-11e2-a633-902b343deec9 FreeBSD -- Linux compatibility layer input validation error

Problem description:

A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation.


Discovery 2012-11-22
Entry 2012-11-24
FreeBSD
ge 7.4 lt 7.4_11

ge 8.3 lt 8.3_5

ge 9.0 lt 9.0_5

SA-12:08.linux
CVE-2012-4576
5631ae98-be9e-11e3-b5e3-c80aa9043978 OpenSSL -- Remote Information Disclosure

OpenSSL Reports:

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

The bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload.


Discovery 2014-04-07
Entry 2014-04-07
Modified 2014-04-11
openssl
ge 1.0.1 lt 1.0.1_10

mingw32-openssl
ge 1.0.1 lt 1.0.1g

FreeBSD
ge 10.0 lt 10.0_1

CVE-2014-0160
SA-14:06.openssl
https://www.openssl.org/news/secadv_20140407.txt
https://www.openssl.org/news/vulnerabilities.html#2014-0076
http://www.heartbleed.com
5796858d-db0b-11dd-aa56-000bcdf0a03b FreeBSD -- arc4random(9) predictable sequence vulnerability

Problem Description:

When the arc4random(9) random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random(9); and it may take up to 5 minutes before arc4random(9) is reseeded with secure entropy from the Yarrow random number generator.

Impact:

All security-related kernel subsystems that rely on a quality random number generator are subject to a wide range of possible attacks for the 300 seconds after boot or until 64k of random data is consumed. The list includes:

* GEOM ELI providers with onetime keys. When a provider is configured in a way so that it gets attached at the same time during boot (e.g. it uses the rc subsystem to initialize) it might be possible for an attacker to recover the encrypted data.

* GEOM shsec providers. The GEOM shsec subsystem is used to split a shared secret between two providers so that it can be recovered when both of them are present. This is done by writing the random sequence to one of the providers while appending the result of the random sequence on the other host to the original data. If the provider was created within the first 300 seconds after booting, it might be possible for an attacker to extract the original data with access to only one of the two providers between which the secret data is split.

* System processes started early after boot may receive predictable IDs.

* The 802.11 network stack uses arc4random(9) to generate initial vectors (IV) for WEP encryption when operating in client mode and WEP authentication challenges when operating in hostap mode, which may be insecure.

* The IPv4, IPv6 and TCP/UDP protocol implementations rely on a quality random number generator to produce unpredictable IP packet identifiers, initial TCP sequence numbers and outgoing port numbers. During the first 300 seconds after booting, it may be easier for an attacker to execute IP session hijacking, OS fingerprinting, idle scanning, or in some cases DNS cache poisoning and blind TCP data injection attacks.

* The kernel RPC code uses arc4random(9) to retrieve transaction identifiers, which might make RPC clients vulnerable to hijacking attacks.

Workaround:

No workaround is available for affected systems.


Discovery 2008-11-24
Entry 2009-01-05
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_6

ge 7.0 lt 7.0_6

CVE-2008-5162
SA-08:11.arc4random
58033a95-bba8-11e4-88ae-d050992ecde8 bind -- denial of service vulnerability

ISC reports:

When configured to perform DNSSEC validation, named can crash when encountering a rare set of conditions in the managed trust anchors.


Discovery 2015-02-18
Entry 2015-02-23
Modified 2016-08-09
bind910
bind910-base
< 9.10.1P2

bind99
bind99-base
< 9.9.6P2

FreeBSD
ge 9.3 lt 9.3_10

ge 8.4 lt 8.4_24

SA-15:05.bind
CVE-2015-1349
https://kb.isc.org/article/AA-01235
591a706b-5cdc-11ea-9a0a-206a8a720317 ntp -- Multiple vulnerabilities

nwtime.org reports:

Three ntp vulnerabilities, depending on configuration, may have little impact up to termination of the ntpd process.

NTP Bug 3610: Process_control() should exit earlier on short packets. On systems that override the default and enable ntpdc (mode 7), fuzz testing detected that a short packet will cause ntpd to read uninitialized data.

NTP Bug 3596: An unauthenticated unmonitored ntpd is vulnerable to attack on IPv4 with highly predictable transmit timestamps. An off-path attacker who can query time from the victim's ntp which receives time from an unauthenticated time source must be able to send from a spoofed IPv4 address of the upstream ntp server, and the victim must be able to process a large number of packets with the spoofed IPv4 address of the upstream server. After eight or more successful attacks in a row the attacker can either modify the victim's clock by a small amount or cause ntpd to terminate. The attack is especially effective when unusually short poll intervals have been configured.

NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug such that an ntp can be prevented from initiating a time volley to its peer, resulting in a DoS.

All three NTP bugs may result in DoS or termination of the ntp daemon.


Discovery 2019-05-30
Entry 2020-03-03
FreeBSD
ge 11.3 lt 11.3_7

ge 12.1 lt 12.1_3

ntp
< 4.2.8p14

ntp-devel
le 4.3.99_6

SA-20:09.ntp
5a668ab3-8d86-11eb-b8d6-d4c9ef517024 OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

High: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default.

High: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack.


Discovery 2021-03-25
Entry 2021-03-26
Modified 2021-04-07
openssl
< 1.1.1k,1

FreeBSD
ge 12.2 lt 12.2_5

https://www.openssl.org/news/secadv/20210325.txt
CVE-2021-3449
CVE-2021-3450
SA-21:07.openssl
5ac53801-ec2e-11e3-9cf3-3c970e169bc2 OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. [CVE-2014-0224]

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. [CVE-2014-0221]

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. [CVE-2014-0195]

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. [CVE-2014-3470]


Discovery 2014-06-05
Entry 2014-06-05
openssl
ge 1.0.1 lt 1.0.1_13

mingw32-openssl
ge 1.0.1 lt 1.0.1h

FreeBSD
ge 8.0 lt 8.4_12

ge 9.1 lt 9.1_15

ge 9.2 lt 9.2_8

ge 10.0 lt 10.0_5

CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
SA-14:14.openssl
http://www.openssl.org/news/secadv_20140605.txt
5b74a5bc-348f-11e5-ba05-c80aa9043978 OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.


Discovery 2015-07-21
Entry 2015-07-27
Modified 2016-08-09
openssh-portable
< 6.9.p1_2,1

FreeBSD
ge 10.1 lt 10.1_16

ge 9.3 lt 9.3_21

ge 8.4 lt 8.4_36

https://access.redhat.com/security/cve/CVE-2015-5600
CVE-2015-5600
SA-15:16.openssh
5c554c0f-c69a-11db-9f82-000e0c2e438a FreeBSD -- Kernel memory disclosure in firewire(4)

Problem Description:

In the FW_GCROM ioctl, a signed integer comparison is used instead of an unsigned integer comparison when computing the length of a buffer to be copied from the kernel into the calling application.

Impact:

A user in the "operator" group can read the contents of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

Workaround:

No workaround is available, but systems without IEEE 1394 ("FireWire") interfaces are not vulnerable. (Note that systems with IEEE 1394 interfaces are affected regardless of whether any devices are attached.)

Note also that FreeBSD does not have any non-root users in the "operator" group by default; systems on which no users have been added to this group are therefore also not vulnerable.


Discovery 2006-12-06
Entry 2007-02-27
Modified 2016-08-09
FreeBSD
ge 6.1 lt 6.1_11

ge 6.0 lt 6.2_16

ge 5.5 lt 5.5_9

ge 4.11 lt 4.11_26

CVE-2006-6013
SA-06:25.kmem
60129efe-656d-11e9-8e67-206a8a720317 FreeBSD -- EAP-pwd side-channel attack

Problem Description:

Potential side channel attacks in the SAE implementations used by both hostapd and wpa_supplicant (see CVE-2019-9494 and VU#871675). EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is no reason to believe that the EAP-pwd implementation would be immune against the type of cache attack that was identified for the SAE implementation. Since the EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not support MODP groups, the timing attack described against SAE is not applicable for the EAP-pwd implementation.

See https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9495
60e26a40-3b25-11da-9484-00123ffe8333 openssl -- potential SSL 2.0 rollback

Vulnerability:

Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a "man in the middle" can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.

Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor SSL_OP_ALL are not affected. Also, applications that disable use of SSL 2.0 are not affected.


Discovery 2005-10-11
Entry 2005-10-12
Modified 2005-10-25
openssl
openssl-overwrite-base
le 0.9.7g

ge 0.9.8 le 0.9.8_1

ge 0.9.*_20050325 le 0.9.*_20051011

openssl-beta
openssl-beta-overwrite-base
le 0.9.8_1

ge 0.9.*_20050325 le 0.9.*_20051011

compat5x-alpha
compat5x-amd64
compat5x-i386
compat5x-sparc64
< 5.4.0.8

FreeBSD
< 4.10_19

ge 4.11 lt 4.11_13

ge 5.3 lt 5.3_23

ge 5.4 lt 5.4_8

SA-05:21.openssl
CVE-2005-2969
http://www.openssl.org/news/secadv_20051011.txt
6111ecb8-b20d-11da-b2fb-000e0c2e438a nfs -- remote denial of service

Problem description:

A part of the NFS server code charged with handling incoming RPC messages via TCP had an error which, when the server received a message with a zero-length payload, would cause a NULL pointer dereference which results in a kernel panic. The kernel will only process the RPC messages if a userland nfsd daemon is running.

Impact:

The NULL pointer dereference allows a remote attacker capable of sending RPC messages to an affected FreeBSD system to crash the FreeBSD system.

Workaround:

  1. Disable the NFS server: set the nfs_server_enable variable to "NO" in /etc/rc.conf, and reboot.

    Alternatively, if there are no active NFS clients (as listed by the showmount(8) utility), simply killing the mountd and nfsd processes should suffice.

  2. Add firewall rules to block RPC traffic to the NFS server from untrusted hosts.


Discovery 2006-03-01
Entry 2006-03-12
Modified 2016-08-09
FreeBSD
ge 6.0 lt 6.0_5

ge 5.4 lt 5.4_12

ge 5.3 lt 5.3_27

ge 4.11 lt 4.11_15

ge 4.10 lt 4.10_21

CVE-2006-0900
SA-06:10.nfs
63bd4bad-dffe-11d9-b875-0001020eed82 gzip -- directory traversal and permission race vulnerabilities

Problem Description

Two problems related to extraction of files exist in gzip:

The first problem is that gzip does not properly sanitize filenames containing "/" when uncompressing files using the -N command line option.

The second problem is that gzip does not set permissions on newly extracted files until after the file has been created and the file descriptor has been closed.

Impact

The first problem can allow an attacker to overwrite arbitrary local files when uncompressing a file using the -N command line option.

The second problem can allow a local attacker to change the permissions of arbitrary local files, on the same partition as the one the user is uncompressing a file on, by removing the file the user is uncompressing and replacing it with a hardlink before the uncompress operation is finished.

Workaround

Do not use the -N command line option on untrusted files and do not uncompress files in directories where untrusted users have write access.


Discovery 2005-04-20
Entry 2005-06-18
Modified 2005-07-06
FreeBSD
ge 5.4 lt 5.4_2

ge 5.0 lt 5.3_16

ge 4.11 lt 4.11_10

ge 4.10 lt 4.10_15

ge 4.9 lt 4.9_18

< 4.8_33

gzip
< 1.3.5_2

CVE-2005-0988
CVE-2005-1228
SA-05:11.gzip
http://marc.theaimsgroup.com/?l=bugtraq&m=111271860708210
http://marc.theaimsgroup.com/?l=bugtraq&m=111402732406477
655ee1ec-511b-11dd-80ba-000bcdf0a03b FreeBSD -- DNS cache poisoning

Problem Description:

The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization.

Impact:

The lack of source port randomization reduces the amount of data the attacker needs to guess in order to successfully execute a DNS cache poisoning attack. This allows the attacker to influence or control the results of DNS queries being returned to users from target systems.

Workaround:

Limiting the group of machines that can do recursive queries on the DNS server will make it more difficult, but not impossible, for this vulnerability to be exploited.

To limit the machines able to perform recursive queries, add an ACL in named.conf and limit recursion like the following:

acl example-acl {
   192.0.2.0/24;
};
options {
	recursion yes;
	allow-recursion { example-acl; };
};

Discovery 2008-07-08
Entry 2008-07-13
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_3

ge 7.0 lt 7.0_3

800113
CVE-2008-1447
SA-08:06.bind
67710833-1626-11d9-bc4a-000c41e2cdad Boundary checking errors in syscons

The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.

It may be possible to cause the CONS_SCRSHOT ioctl to return portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.

This bug may be exploitable by users who have access to the physical console or can otherwise open a /dev/ttyv* device node.


Discovery 2004-09-30
Entry 2004-10-04
FreeBSD
ge 5.0 lt 5.2.1_11

CVE-2004-0919
SA-04:15.syscons
https://svnweb.freebsd.org/changeset/base/135942
68233cba-7774-11d8-89ed-0020ed76ef5a OpenSSL ChangeCipherSpec denial-of-service vulnerability

A remote attacker could cause an application using OpenSSL to crash by performing a specially crafted SSL/TLS handshake.


Discovery 2004-03-17
Entry 2004-03-17
Modified 2004-05-05
openssl
openssl-beta
< 0.9.7d

FreeBSD
ge 4.0 lt 4.8_17

ge 4.9 lt 4.9_4

ge 5.0 lt 5.1_16

ge 5.2 lt 5.2.1_3

CVE-2004-0079
http://www.openssl.org/news/secadv_20040317.txt
SA-04:05.openssl
288574
9899
69bfc852-9bd0-11e2-a7be-8c705af55518 FreeBSD -- OpenSSL multiple vulnerabilities

A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack.

OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack.


Discovery 2013-04-02
Entry 2013-04-02
Modified 2016-08-09
FreeBSD
ge 8.3 lt 8.3_7

ge 9.0 lt 9.0_7

ge 9.1 lt 9.1_2

CVE-2013-0166
CVE-2013-0169
SA-13:03.openssl
http://www.openssl.org/news/secadv_20130205.txt
6a2cfcdc-9dea-11e6-a298-14dae9d210b8 FreeBSD -- OpenSSH Remote Denial of Service vulnerability

Problem Description:

When processing the SSH_MSG_KEXINIT message, the server could allocate up to a few hundred megabytes of memory per connection, before any authentication takes place.

Impact:

A remote attacker may be able to cause a SSH server to allocate an excessive amount of memory. Note that the default MaxStartups setting on FreeBSD will limit the effectiveness of this attack.


Discovery 2016-10-19
Entry 2016-10-29
Modified 2016-11-02
openssh-portable
< 7.3p1_1

FreeBSD
ge 11.0 lt 11.0_3

ge 10.3 lt 10.3_12

http://seclists.org/oss-sec/2016/q4/191
CVE-2016-8858
SA-16:33.openssh
6a308e8e-b1b4-11da-b2fb-000e0c2e438a openssh -- remote denial of service

Problem description:

Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind.

Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.

Impact:

By repeatedly connecting to a vulnerable server, waiting for a password prompt, and closing the connection, an attacker can cause OpenSSH to stop accepting client connections until the system restarts or an administrator manually kills the orphaned PAM processes.

Workaround:

The following command will show a list of orphaned PAM processes:

# pgrep -lf 'sshd.*\[pam\]'

The following command will kill orphaned PAM processes:

# pkill -f 'sshd.*\[pam\]'

To prevent OpenSSH from leaving orphaned PAM processes behind, perform one of the following:

  1. Disable PAM authentication in OpenSSH. Users will still be able to log in using their Unix password, OPIE or SSH keys.

    To do this, execute the following commands as root:

    # echo 'UsePAM no' >>/etc/ssh/sshd_config
    # echo 'PasswordAuthentication yes' >>/etc/ssh/sshd_config
    # /etc/rc.d/sshd restart
  2. If disabling PAM is not an option - if, for instance, you use RADIUS authentication, or store user passwords in an SQL database - you may instead disable privilege separation. However, this may leave OpenSSH vulnerable to hitherto unknown bugs, and should be considered a last resort.

    To do this, execute the following commands as root:

    # echo 'UsePrivilegeSeparation no' >>/etc/ssh/sshd_config
    # /etc/rc.d/sshd restart

Discovery 2006-03-01
Entry 2006-03-12
Modified 2016-08-09
FreeBSD
ge 5.4 lt 5.4_12

ge 5.3 lt 5.3_27

CVE-2006-0883
SA-06:09.openssh
6b0215ae-8f26-11da-8c1d-000e0c2e438a cpio -- multiple vulnerabilities

Problem description:

A number of issues have been discovered in cpio:

When creating a new file, cpio closes the file before setting its permissions. (CVE-2005-1111)

When extracting files, cpio does not properly sanitize file names to filter out ".." components, even if the --no-absolute-filenames option is used. (CVE-2005-1229)

When adding large files (larger than 4 GB) to a cpio archive on 64-bit platforms an internal buffer might overflow. (CVE-2005-4268)

Impact

The first problem can allow a local attacker to change the permissions of files owned by the user executing cpio providing that they have write access to the directory in which the file is being extracted. (CVE-2005-1111)

The lack of proper file name sanitation can allow an attacker to overwrite arbitrary local files when extracting files from a cpio archive. (CVE-2005-1229)

The buffer-overflow on 64-bit platforms could lead cpio to a Denial-of-Service situation (crash) or possibly execute arbitrary code with the permissions of the user running cpio. (CVE-2005-4268)

Workaround

Use a different utility to create and extract cpio archives, for example pax(1) or (on FreeBSD 5.3 or later) tar(1). If this is not possible, do not extract untrusted archives and when running on 64-bit platforms do not add untrusted files to cpio archives.


Discovery 2006-01-11
Entry 2006-01-27
FreeBSD
ge 6.0 lt 6.0_2

ge 5.4 lt 5.4_9

ge 5.3 lt 5.3_24

ge 4.11 lt 4.11_14

ge 4.10 lt 4.10_20

CVE-2005-1111
CVE-2005-1229
CVE-2005-4268
SA-06:03.cpio
6b6ca5b6-6007-11e6-a6c3-14dae9d210b8 FreeBSD -- devfs rules not applied by default for jails

Problem Description:

The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible.

Impact:

Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access could lead to information leakage and privilege escalation.


Discovery 2014-04-30
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_2

CVE-2014-3001
SA-14:07.devfs
6b8cadce-db0b-11dd-aa56-000bcdf0a03b FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability

Problem Description

IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's neighbor cache and forwarding information. A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node.

Impact:

An attacker on a different physical network connected to the same IPv6 router as another node could redirect IPv6 traffic intended for that node. This could lead to denial of service or improper access to private network traffic.

Workaround:

Firewall packet filters can be used to filter incoming Neighbor Solicitation messages but may interfere with normal IPv6 operation if not configured carefully.

Reverse path forwarding checks could be used to make gateways, such as routers or firewalls, drop Neighbor Solicitation messages from nodes with unexpected source addresses on a particular interface.

IPv6 router administrators are encouraged to read RFC 3756 for further discussion of Neighbor Discovery security implications.


Discovery 2008-10-01
Entry 2009-01-05
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_5

ge 7.0 lt 7.0_5

CVE-2008-2476
SA-08:10.nd6
6bedc863-9fbe-11e8-945f-206a8a720317 wpa_supplicant -- unauthenticated encrypted EAPOL-Key data

SO-AND-SO reports:

A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This has a potential issue in the case where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used and with that pairwise cipher, this vulnerability is not applicable in practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service attack by modifying GTK/IGTK on the station (without the attacker learning any of the keys) which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet) and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable) which may make it impractical to perform the attack to recover the keys before the AP has already changed the group keys. By default, wpa_supplicant is enforcing at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes waiting to recover each octet while hostapd AP implementation uses 10 minute default for GTK rekeying when using TKIP. With such timing behavior, a practical attack would need a large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to be able to determine the key before it gets changed.
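The malleability the advisory describes comes from RC4 being a stream cipher: XORing a mask into the ciphertext XORs the same mask into the plaintext, so a frame whose MIC is never checked lets an attacker rewrite the decrypted Key Data without knowing any key. The following is an added example in Python, not wpa_supplicant code. It keeps two things from the real protocol (for TKIP the Key Data field is RC4-encrypted under Key IV || KEK with the first 256 keystream octets discarded, and the Key Descriptor Version 1 MIC is HMAC-MD5 over the frame with the MIC field zeroed); the 2-byte header, the frame layout and the GTK payload are constructed for the demo. It shows the buggy order (decrypt without checking the MIC) next to the fixed order (verify the MIC, then decrypt).

```python
"""Added example (not wpa_supplicant code): RC4 malleability of the EAPOL-Key
Key Data field when the MIC is not checked before decryption.

Kept from the protocol: RC4 keyed with (Key IV || KEK), first 256 keystream
octets skipped; MIC = HMAC-MD5 over the frame with the MIC field zeroed.
Constructed for the demo: the 2-byte header, the frame layout, the payload.
"""
import hashlib
import hmac
import os

MIC_LEN = 16
IV_LEN = 16


def rc4_crypt(key: bytes, data: bytes, skip: int = 256) -> bytes:
    """RC4 with the first `skip` keystream bytes discarded (802.11 key wrap)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for n in range(skip + len(data)):         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if n >= skip:
            out.append(data[n - skip] ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def mic_of(kck: bytes, header: bytes, enc_key_data: bytes) -> bytes:
    """HMAC-MD5 over the frame with the MIC field zeroed."""
    return hmac.new(kck, header + bytes(MIC_LEN) + enc_key_data, hashlib.md5).digest()


def build_frame(kck: bytes, kek: bytes, iv: bytes, key_data: bytes) -> bytes:
    """Constructed layout: 2-byte header | Key IV | MIC | encrypted Key Data."""
    header = b"\x02\x01" + iv
    enc = rc4_crypt(iv + kek, key_data)
    return header + mic_of(kck, header, enc) + enc


def split_frame(frame: bytes):
    hlen = 2 + IV_LEN
    return frame[:hlen], frame[hlen:hlen + MIC_LEN], frame[hlen + MIC_LEN:]


def process_vulnerable(kek: bytes, frame: bytes) -> bytes:
    """Bug shape: Key Data is decrypted without the MIC ever being checked."""
    header, _mic, enc = split_frame(frame)
    return rc4_crypt(header[2:] + kek, enc)


def process_fixed(kck: bytes, kek: bytes, frame: bytes):
    """Verify the MIC first; only an authenticated frame reaches the decryptor."""
    header, mic, enc = split_frame(frame)
    if not hmac.compare_digest(mic, mic_of(kck, header, enc)):
        return None
    return rc4_crypt(header[2:] + kek, enc)


def tamper(frame: bytes, offset: int, mask: bytes) -> bytes:
    """Attacker step: XOR a mask into the ciphertext. No key material needed."""
    header, mic, enc = split_frame(frame)
    enc = bytearray(enc)
    for k, m in enumerate(mask):
        enc[offset + k] ^= m
    return header + mic + bytes(enc)


def demo() -> dict:
    kck, kek, iv = os.urandom(16), os.urandom(16), os.urandom(IV_LEN)
    gtk = bytes(range(16))                    # constructed stand-in for a GTK
    frame = build_frame(kck, kek, iv, gtk)
    mask = b"\xff\x00\xff\x00"
    evil = tamper(frame, 0, mask)
    flipped = bytes(a ^ b for a, b in zip(gtk, mask)) + gtk[len(mask):]
    return {
        "genuine_accepted": process_fixed(kck, kek, frame) == gtk,
        "tampered_rejected": process_fixed(kck, kek, evil) is None,
        "vulnerable_decrypts_flipped": process_vulnerable(kek, evil) == flipped,
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable path hands the attacker exactly the GTK-corruption primitive the advisory describes: the station installs a group key that differs from the AP's by a known mask. The fixed path makes the MIC check a gate, so the decryptor only ever sees frames that carry a valid KCK-keyed MIC.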


Discovery 2018-08-08
Entry 2018-08-14
wpa_supplicant
< 2.6_2

FreeBSD
le 10.4_10

le 11.2_1

https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
CVE-2018-14526
6d334fdb-f7e7-11ea-88f8-901b0ef719ab  FreeBSD -- ftpd privilege escalation via ftpchroot feature

Problem Description:

An ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges.

Impact:

A malicious FTP user can gain privileged access to an affected system.


Discovery 2020-09-15
Entry 2020-09-16
FreeBSD
ge 12.1 lt 12.1_10

ge 11.4 lt 11.4_4

ge 11.3 lt 11.3_14

CVE-2020-7468
SA-20:30.ftpd
6d4e4759-7b67-11dd-80ba-000bcdf0a03b  FreeBSD -- amd64 swapgs local privilege escalation

Problem Description:

If a General Protection Fault happens on a FreeBSD/amd64 system while it is returning from an interrupt, trap or system call, the swapgs CPU instruction may be executed one extra time when it should not be, resulting in userland and kernel state being mixed.

Impact:

A local attacker can, by causing a General Protection Fault while the kernel is returning from an interrupt, trap or system call and manipulating stack frames, run arbitrary code with kernel privileges.

The vulnerability can be used to gain kernel / supervisor privilege. This can for example be used by normal users to gain root privileges, to break out of jails, or bypass Mandatory Access Control (MAC) restrictions.

Workaround:

No workaround is available, but only systems running the 64 bit FreeBSD/amd64 kernels are vulnerable.

Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386 kernel are not vulnerable.


Discovery 2008-09-03
Entry 2008-09-05
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_4

ge 7.0 lt 7.0_4

CVE-2008-3890
SA-08:07.amd64
6d9eadaf-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- sendmail improper close-on-exec flag handling

Problem Description:

There is a programming error in sendmail(8) that prevented the close-on-exec flag from being properly set on open file descriptors. Consequently, a subprocess is able to access all files that the parent process has open.

Impact:

A local user who can execute their own program for mail delivery will be able to interfere with an open SMTP connection.
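Whether a descriptor survives execve(2) is decided only by its close-on-exec flag (FD_CLOEXEC), which is the flag the bug above left unset. The following is an added example in Python, not sendmail code: it creates a pipe, deliberately clears FD_CLOEXEC on one end the way the buggy sendmail left its descriptors, then execs a fresh interpreter to show which end the child can still use, and shows the fix shape (setting FD_CLOEXEC via fcntl F_SETFD). The probe script and the pipe are constructed for the demo; it needs a POSIX host.

```python
"""Added example (not sendmail code): which descriptors survive exec depends
only on FD_CLOEXEC.  Python sets the flag on new descriptors by default; one
pipe end is flipped back to model the sendmail bug."""
import fcntl
import os
import subprocess
import sys

# Constructed probe: exit 0 if the given fd is open in the exec'd child.
PROBE = (
    "import os, sys\n"
    "try:\n"
    "    os.fstat(int(sys.argv[1]))\n"
    "    sys.exit(0)\n"
    "except OSError:\n"
    "    sys.exit(1)\n"
)


def child_can_use(fd: int) -> bool:
    """Exec a fresh interpreter (close_fds=False so Python itself does not
    close anything) and ask whether `fd` is still open there."""
    result = subprocess.run([sys.executable, "-c", PROBE, str(fd)], close_fds=False)
    return result.returncode == 0


def mark_cloexec(fd: int) -> bool:
    """The fix shape: set FD_CLOEXEC explicitly.  Returns the flag's new state."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)
    return bool(fcntl.fcntl(fd, fcntl.F_GETFD) & fcntl.FD_CLOEXEC)


def demo() -> dict:
    r, w = os.pipe()                      # both carry FD_CLOEXEC by default
    os.set_inheritable(w, True)           # the bug: FD_CLOEXEC cleared on one end
    try:
        return {
            "protected_has_cloexec": os.get_inheritable(r) is False,
            "child_sees_protected_fd": child_can_use(r),
            "child_sees_leaked_fd": child_can_use(w),
        }
    finally:
        os.close(r)
        os.close(w)


def demo_fix() -> bool:
    """After setting FD_CLOEXEC on the leaked end, the child no longer sees it."""
    r, w = os.pipe()
    os.set_inheritable(w, True)
    try:
        return mark_cloexec(w) and not child_can_use(w)
    finally:
        os.close(r)
        os.close(w)


if __name__ == "__main__":
    print(demo(), demo_fix())
```

In the sendmail case the leaked descriptor was the SMTP connection socket and the exec'd child was the user-supplied delivery program, which is why a local user could interfere with a live SMTP session: the child inherits the socket and can read from or write to it directly.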


Discovery 2014-06-03
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_4

ge 9.2 lt 9.2_7

ge 9.1 lt 9.1_14

ge 8.4 lt 8.4_11

SA-14:11.sendmail
6e87b696-ca3e-11df-aade-0050568f000c  FreeBSD -- Inappropriate directory permissions in freebsd-update(8)

Problem Description:

When downloading updates to FreeBSD via 'freebsd-update fetch' or 'freebsd-update upgrade', the freebsd-update(8) utility copies currently installed files into its working directory (/var/db/freebsd-update by default) both for the purpose of merging changes to configuration files and in order to be able to roll back installed updates.

The default working directory used by freebsd-update(8) is normally created during the installation of FreeBSD with permissions which allow all local users to see its contents, and freebsd-update(8) does not take any steps to restrict access to files stored in said directory.


Discovery 2009-12-03
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_14

ge 6.4 lt 6.4_8

ge 7.1 lt 7.1_9

ge 7.2 lt 7.2_5

ge 8.0 lt 8.0_1

SA-09:17.freebsd-update
6e8f9003-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- Incorrect error handling in PAM policy parser

Problem Description:

The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure (handled by searching in the next location) while the presence of an invalid file is a hard failure (handled by returning an error to the caller).

The policy parser returns the same error code (ENOENT) when a syntactically valid policy references a non-existent module as when the requested policy file does not exist. The search loop regards this as a soft failure and looks for the next similarly-named policy, without discarding the partially-loaded configuration.

A similar issue can arise if a policy contains an include directive that refers to a non-existent policy.

Impact:

If a module is removed, or the name of a module is misspelled in the policy file, the PAM library will proceed with a partially loaded configuration. Depending on the exact circumstances, this may result in a fail-open scenario where users are allowed to log in without a password, or with an incorrect password.

In particular, if a policy references a module installed by a package or port, and that package or port is being reinstalled or upgraded, there is a brief window of time during which the module is absent and policies that use it may fail open. This can be especially damaging to Internet-facing SSH servers, which are regularly subjected to brute-force scans.
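The control-flow mistake here is an error-code conflation: "no policy file" and "policy file present but module missing" both came back as ENOENT, so the search loop treated a hard failure as a soft one and kept whatever it had parsed. The following is an added Python model of that loop, not OpenPAM code. The search path, the policy file contents, the installed-module set, the credentials and the dispatcher are all constructed; in this model an empty chain means no module objected, which produces the fail-open outcome the advisory describes (the advisory itself says the outcome depends on circumstances). The scenario is the one from the Impact section: a port-installed module listed first in the sshd policy is absent while its port is being reinstalled.

```python
"""Added example (not OpenPAM code): a model of the ENOENT conflation in
SA-14:13.pam.  Everything below (search path, files, modules, credentials,
dispatcher) is constructed to show the control flow only."""
import errno

SEARCH_PATH = ["/etc/pam.d", "/usr/local/etc/pam.d"]

# Constructed filesystem: path -> contents (None: no such file).
FILES = {
    # The port-installed module is listed before the password check.
    "/etc/pam.d/sshd": "required pam_port_module.so\nrequired pam_unix.so\n",
    "/usr/local/etc/pam.d/sshd": None,
}
# pam_port_module.so is absent right now: its port is being reinstalled.
INSTALLED = {"pam_unix.so"}
PASSWD = {"alice": "correct horse"}          # constructed credentials


def parse_policy(path, chain, fixed, installed):
    """Parse one policy file into `chain`; return 0 or an errno value."""
    text = FILES.get(path)
    if text is None:
        return errno.ENOENT                  # soft failure: file does not exist
    for line in text.splitlines():
        control, module = line.split()
        if module not in installed:
            if fixed:
                del chain[:]                 # discard the partial chain ...
                return errno.ENOEXEC         # ... and report a hard failure
            return errno.ENOENT              # bug: same code as "no such file"
        chain.append((control, module))
    return 0


def load_policy(service, fixed, installed=INSTALLED):
    """The search loop.  Returns (errno, chain)."""
    chain = []
    for directory in SEARCH_PATH:
        err = parse_policy(f"{directory}/{service}", chain, fixed, installed)
        if err != errno.ENOENT:
            return err, chain                # parsed (0) or hard failure
    # Every location looked absent.  The vulnerable library proceeded with
    # whatever had been parsed so far; the fixed one never reaches here in
    # this scenario because the hard failure returned above.
    return 0, chain


def run_module(module, user, password):
    if module == "pam_unix.so":
        return PASSWD.get(user) == password
    if module == "pam_port_module.so":
        return True                          # constructed: modelled as accepting
    raise ValueError(f"unmodelled module {module}")


def authenticate(chain, user, password):
    """Constructed dispatcher: 'sufficient' short-circuits on success, every
    'required' must pass.  With no modules nothing can object: fail-open."""
    for control, module in chain:
        ok = run_module(module, user, password)
        if control == "sufficient" and ok:
            return True
        if control == "required" and not ok:
            return False
    return True


def login(user, password, fixed, installed=INSTALLED):
    err, chain = load_policy("sshd", fixed, installed)
    if err:
        return False                         # fail closed on a broken policy
    return authenticate(chain, user, password)


if __name__ == "__main__":
    print("vulnerable, wrong password:", login("alice", "wrong", fixed=False))
    print("fixed, wrong password:     ", login("alice", "wrong", fixed=True))
```

The two properties worth checking in any policy loader are visible in the fixed branch: a distinct error code for "present but unusable" so the search loop cannot mistake it for "absent", and discarding the partial chain so a later fallback cannot be appended to half a policy.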


Discovery 2014-06-03
Entry 2016-08-11
FreeBSD
ge 9.2 lt 9.2_7

ge 10.0 lt 10.0_4

CVE-2014-3879
SA-14:13.pam
6ed5c5e3-a840-11e7-b5af-a4badb2f4699  FreeBSD -- OpenSSH Denial of Service vulnerability

Problem Description:

There is no limit on the password length.

Impact:

A remote attacker may be able to cause an affected SSH server to use an excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator.


Discovery 2017-08-10
Entry 2017-10-03
FreeBSD
ge 11.1 lt 11.1_1

ge 11.0 lt 11.0_12

ge 10.3 lt 10.3_21

CVE-2016-6515
SA-17:06.openssh
6f91a709-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- iconv(3) NULL pointer dereference and out-of-bounds array access

Problem Description:

A NULL pointer dereference in the initialization code of the HZ module and an out of bounds array access in the initialization code of the VIQR module make iconv_open(3) calls involving HZ or VIQR result in an application crash.

Impact:

Services where an attacker can control the arguments of an iconv_open(3) call can be caused to crash resulting in a denial-of-service. For example, an email encoded in HZ may cause an email delivery service to crash if it converts emails to a more generic encoding like UTF-8 before applying filtering rules.


Discovery 2014-06-24
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_6

CVE-2014-3951
SA-14:15.iconv
70140f20-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)

Problem Description:

A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. [CVE-2012-1571]

A regular expression in the awk script detector uses multiple wildcards with unlimited repetitions, which can cause excessive backtracking on crafted input. [CVE-2013-7345]

A malicious input file could trigger infinite recursion in libmagic(3). [CVE-2014-1943]

A specifically crafted Portable Executable (PE) can trigger out-of-bounds read. [CVE-2014-2270]

Impact:

An attacker who can cause file(1), or any other application using the libmagic(3) library, to be run on a maliciously constructed input can cause the application to crash or consume excessive CPU resources, resulting in a denial of service.


Discovery 2014-06-24
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_6

ge 9.2 lt 9.2_9

ge 9.1 lt 9.1_16

ge 8.4 lt 8.4_13

CVE-2012-1571
CVE-2013-7345
CVE-2014-1943
CVE-2014-2270
SA-14:16.file
7229d900-88af-11d8-90d1-0020ed76ef5a  mksnap_ffs clears file system options

The kernel interface for creating a snapshot of a filesystem is the same as that for changing the flags on that filesystem. Due to an oversight, the mksnap_ffs(8) command called that interface with only the snapshot flag set, causing all other flags to be reset to the default value.

A regularly scheduled backup of a live filesystem, or any other process that uses the mksnap_ffs command (for instance, to provide a rough undelete functionality on a file server), will clear any flags in effect on the filesystem being snapshotted. Possible consequences depend on local usage, but can include disabling extended access control lists or enabling the use of setuid executables stored on an untrusted filesystem.

The mksnap_ffs command is normally only available to the superuser and members of the `operator' group. There is therefore no risk of a user gaining elevated privileges directly through use of the mksnap_ffs command unless it has been intentionally made available to unprivileged users.


Discovery 2004-01-30
Entry 2004-04-07
Modified 2004-05-05
FreeBSD
ge 5.2 lt 5.2_1

ge 5.1 lt 5.1_12

CVE-2004-0099
SA-04:01.mksnap_ffs
7257b26f-0597-11da-86bc-000e0c2e438a  devfs -- ruleset bypass

Problem description

Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions.

Impact

Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access can lead to information leakage and privilege escalation.


Discovery 2005-07-20
Entry 2005-08-05
FreeBSD
ge 5.4 lt 5.4_5

ge 5.* lt 5.3_19

CVE-2005-2218
SA-05:17.devfs
726dd9bd-8f25-11da-8c1d-000e0c2e438a  ee -- temporary file privilege escalation

Problem description

The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and does not confirm with the user which path will be overwritten.

It should be noted that ispell does not have to be installed in order for this to be exploited. The option simply needs to be selected.

Impact

These predictable temporary file names are problematic because they allow an attacker to take advantage of a race condition in order to execute a symlink attack, which could allow them to overwrite files on the system in the context of the user running the ee(1) editor.

Workaround

Instead of invoking ispell through ee(1), invoke it directly.
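The race above needs two ingredients: a name the attacker can predict (here, one derived from the editor's PID, visible in ps(1)) and an open that follows whatever is already at that name. The following is an added Python example, not ee(1) code. It plants a symlink at the predictable name, shows a plain open(..., "w") writing through it into the victim file, then shows the two defences: opening the same name with O_CREAT|O_EXCL|O_NOFOLLOW (which fails on the planted link instead of following it) and mkstemp(3)-style creation with an unpredictable name. The directory, the PID value, the file names and the victim file are all constructed, and everything happens inside a private mkdtemp() directory rather than the real /tmp.

```python
"""Added example (not ee(1) code): predictable temp name + symlink race,
and the O_EXCL|O_NOFOLLOW / mkstemp defences.  Runs in a private directory;
the PID, names and victim file are constructed."""
import os
import shutil
import tempfile


def predictable_path(tmpdir: str, pid: int) -> str:
    """The ee(1)-style name: derived from the editor's PID, which any local
    user can read from ps(1)."""
    return os.path.join(tmpdir, f"ee.spell.{pid}")


def vulnerable_write(path: str, text: str) -> None:
    """open(path, 'w') truncates whatever `path` resolves to, symlink included."""
    with open(path, "w") as f:
        f.write(text)


def exclusive_write(path: str, text: str) -> None:
    """Same name, but O_CREAT|O_EXCL|O_NOFOLLOW: creation fails (EEXIST or
    ELOOP) if anything, including a planted symlink, already sits there."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)


def mkstemp_write(tmpdir: str, text: str) -> str:
    """What ispell_op should have done: an unpredictable name, created
    exclusively, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="ee.spell.", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(text)
    return path


def demo() -> dict:
    tmpdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(tmpdir, "victim")      # stands in for any file the
        with open(victim, "w") as f:                 # editor's user can write
            f.write("original\n")
        pid = 4242                                   # the editor's PID, per ps(1)
        target = predictable_path(tmpdir, pid)
        os.symlink(victim, target)                   # attacker wins the race

        vulnerable_write(target, "attacker-chosen text\n")
        with open(victim) as f:
            after = f.read()

        try:
            exclusive_write(target, "spell check buffer\n")
            blocked = False
        except OSError:                              # EEXIST or ELOOP
            blocked = True

        safe_path = mkstemp_write(tmpdir, "spell check buffer\n")
        return {
            "victim_overwritten": after != "original\n",
            "exclusive_open_blocked": blocked,
            "mkstemp_name_unpredictable": safe_path != target and os.path.isfile(safe_path),
        }
    finally:
        shutil.rmtree(tmpdir)


if __name__ == "__main__":
    print(demo())
```

The O_EXCL check closes the race for a name you are stuck with; mkstemp(3) removes the predictability as well, which is the right fix for an editor that chooses its own temporary names.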


Discovery 2006-01-11
Entry 2006-01-27
FreeBSD
ge 6.0 lt 6.0_2

ge 5.4 lt 5.4_9

ge 5.3 lt 5.3_24

ge 4.11 lt 4.11_14

ge 4.10 lt 4.10_20

16207
CVE-2006-0055
SA-06:02.ee
72ee7111-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- rtsold(8) remote buffer overflow vulnerability

Problem Description:

Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold(8).

Impact:

Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised host on the same network, can cause rtsold(8) to crash.

While it is theoretically possible to inject code into rtsold(8) through malformed router advertisement messages, it is normally compiled with stack protection enabled, rendering such an attack extremely difficult.

When rtsold(8) crashes, the existing DNS configuration will remain in force, and the kernel will continue to receive and process periodic router advertisements.


Discovery 2014-10-21
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_10

ge 9.3 lt 9.3_3

ge 9.2 lt 9.2_13

ge 9.1 lt 9.1_20

CVE-2014-3954
SA-14:20.rtsold
731cdeaa-3564-11e5-9970-14dae9d210b8  bind -- denial of service vulnerability

ISC reports:

An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.


Discovery 2015-07-21
Entry 2015-07-28
Modified 2016-08-09
bind910
< 9.10.2P3

bind99
< 9.9.7P2

bind910-base
bind99-base
gt 0

FreeBSD
ge 9.3 lt 9.3_21

ge 8.4 lt 8.4_35

SA-15:17.bind
CVE-2015-5477
https://kb.isc.org/article/AA-01272/
734233f4-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- routed(8) remote denial of service vulnerability

Problem Description:

The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network.

Impact:

Upon receipt of a query from a source which is not on a directly connected network, routed(8) will trigger an assertion and terminate. The affected system's routing table will no longer be updated. If the affected system is a router, its routes will eventually expire from other routers' routing tables, and its networks will no longer be reachable unless they are also connected to another router.


Discovery 2014-10-21
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_10

ge 9.3 lt 9.3_3

ge 9.2 lt 9.2_13

ge 9.1 lt 9.1_20

ge 8.4 lt 8.4_17

CVE-2014-3955
SA-14:21.routed
73e9a137-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- Denial of service attack against sshd(8)

Problem Description:

Although OpenSSH is not multithreaded, when OpenSSH is compiled with Kerberos support, the Heimdal libraries bring in the POSIX thread library as a dependency. Due to incorrect library ordering while linking sshd(8), symbols in the C library which are shadowed by the POSIX thread library may not be resolved correctly at run time.

Note that this problem is specific to the FreeBSD build system and does not affect other operating systems or the version of OpenSSH available from the FreeBSD ports tree.

Impact:

An incorrectly linked sshd(8) child process may deadlock while handling an incoming connection. The connection may then time out or be interrupted by the client, leaving the deadlocked sshd(8) child process behind. Eventually, the sshd(8) parent process stops accepting new connections.

An attacker may take advantage of this by repeatedly connecting and then dropping the connection after having begun, but not completed, the authentication process.


Discovery 2014-11-04
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_12

ge 9.2 lt 9.2_15

ge 9.1 lt 9.1_22

CVE-2014-8475
SA-14:24.sshd
7488378d-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- Remote command execution in ftp(1)

Problem Description:

A malicious HTTP server could cause ftp(1) to execute arbitrary commands.

Impact:

When operating on HTTP URIs, the ftp(1) client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not specified.

If the output file name provided by the server begins with a pipe ('|'), the output is passed to popen(3), which might be used to execute arbitrary commands on the ftp(1) client machine.
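The chain is: follow redirects, take the last path component of the final URL as the output name, and let a leading '|' select popen(3). The following is an added Python model of that chain, not ftp(1) code. The redirect table is constructed, nothing is executed (the vulnerable function returns the command line it would have handed to popen), and the hardened version shown is one reasonable fix shape (derive the name from the URL the user asked for, never from a redirect target, and accept only a plain file name), not necessarily the change FreeBSD shipped.

```python
"""Added example (not ftp(1) code): how an HTTP redirect becomes a command
when the output name comes from the last URL visited and '|' means popen.
The redirect table is constructed; nothing is executed."""
from urllib.parse import unquote, urlsplit

# Constructed server behaviour: URL -> Location header (absent means 200 OK).
REDIRECTS = {
    "http://mirror.example/pkg/tool.tgz": "http://evil.example/dl/|uname%20-a",
}


def follow_redirects(url: str, limit: int = 5) -> str:
    """Return the URL that finally answers 200, following up to `limit` hops."""
    for _ in range(limit):
        location = REDIRECTS.get(url)
        if location is None:
            return url
        url = location
    raise RuntimeError("too many redirects")


def basename_of(url: str) -> str:
    """The part of the path after the last '/', as the buggy logic derived it."""
    return unquote(urlsplit(url).path).rsplit("/", 1)[-1]


def vulnerable_output(url: str):
    """Buggy shape: the name comes from the *last* URL visited and a leading
    '|' selects popen(3).  Returns ('popen', cmd) or ('file', name)."""
    name = basename_of(follow_redirects(url))
    if name.startswith("|"):
        return ("popen", name[1:])
    return ("file", name)


def safe_output(url: str):
    """Hardened shape: the name comes from the URL the user typed, never from
    a redirect, and only a plain file name is accepted."""
    name = basename_of(url)
    if not name or name in (".", "..") or name[0] in "|-" or "/" in name or "\0" in name:
        raise ValueError(f"refusing output name {name!r}")
    follow_redirects(url)                            # still fetch the content
    return ("file", name)


if __name__ == "__main__":
    print(vulnerable_output("http://mirror.example/pkg/tool.tgz"))
    print(safe_output("http://mirror.example/pkg/tool.tgz"))
```

The general lesson is that a server-controlled string (here a Location header) should never reach a sink that interprets a prefix as "run this"; checking the name before the sink, and taking it from the user's own input, removes both halves of the problem.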


Discovery 2014-11-04
Entry 2016-08-11
FreeBSD
ge 10.0 lt 10.0_12

ge 9.3 lt 9.3_5

ge 9.2 lt 9.2_15

ge 9.1 lt 9.1_22

ge 8.4 lt 8.4_19

CVE-2014-8517
SA-14:26.ftp
74ded00e-6007-11e6-a6c3-14dae9d210b8  FreeBSD -- Buffer overflow in stdio

Problem Description:

A programming error in the standard I/O library's __sflush() function could erroneously adjust the buffered stream's internal state even when no write actually occurred, in the case where the write(2) system call returns an error.

Impact:

If the caller does not check the stream status, the accounting mismatch accumulates and eventually leads to a heap buffer overflow.

Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.


Discovery 2014-12-10
Entry 2016-08-11
FreeBSD
ge 10.1 lt 10.1_1

CVE-2014-8611
SA-14:27.stdio
759b8dfe-3972-11d9-a9e7-0001020eed82  Overflow error in fetch

An integer overflow condition in fetch(1) in the processing of HTTP headers can result in a buffer overflow.

A malicious server or CGI script can respond to an HTTP or HTTPS request in such a manner as to cause arbitrary portions of the client's memory to be overwritten, allowing for arbitrary code execution.


Discovery 2004-11-14
Entry 2004-11-18
FreeBSD
ge 5.3 lt 5.3_1

ge 5.2.1 lt 5.2.1_12

ge 5.1 lt 5.1_18

ge 5.0 lt 5.0_22

ge 4.10 lt 4.10_4

ge 4.9 lt 4.9_13

ge 4.8 lt 4.8_26

< 4.7_28

SA-04:16.fetch
CVE-2004-1053
11702
762b7d4a-ec19-11ea-88f8-901b0ef719ab  FreeBSD -- dhclient heap overflow

Problem Description:

When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into an inadequately sized buffer.

Impact:

The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. However, it is possible the bug could be combined with other vulnerabilities to escape the sandbox.
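Both this entry and the rtsold(8) DNSSL entry (SA-14:20) above are the same parsing problem: a list of DNS wire-format domain names arrives from the network and the code trusts the label lengths (and, for option 119, the compression pointers) without checking them against the buffer. The following is an added Python decoder for both formats, not rtsold or dhclient code. It checks every read against the buffer before performing it, caps labels at 63 and names at 255 octets, rejects compression where the option does not allow it (DNSSL, RFC 6106), requires every compression pointer to point strictly backwards so loops are impossible (option 119, RFC 3397), and computes the uncompressed size from the decoded result rather than in a separate pass that could disagree with the copy. The option bodies are constructed.

```python
"""Added example (not rtsold(8) or dhclient(8) code): a bounds-checked decoder
for the DNS-wire-format name lists in the RA DNSSL option (RFC 6106: no
compression, zero padded) and DHCP option 119 (RFC 3397: compression allowed).
The sample option bodies are constructed."""

MAX_LABEL = 63
MAX_NAME = 255


def decode_name(buf: bytes, pos: int, allow_compression: bool):
    """Decode one name at buf[pos].  Returns (name, end), where `end` is the
    offset just past the name's own bytes (past the pointer if it ended in
    one).  Raises ValueError on anything malformed before any read goes out
    of range."""
    labels, total, end, lowest = [], 0, None, pos
    while True:
        if pos >= len(buf):
            raise ValueError("name runs past end of data")
        length = buf[pos]
        if length >= 0xC0:                              # 11xxxxxx: pointer
            if not allow_compression:
                raise ValueError("compression not permitted in this option")
            if pos + 1 >= len(buf):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | buf[pos + 1]
            if target >= lowest:                        # strictly backwards: no loops
                raise ValueError("pointer does not point backwards")
            if end is None:
                end = pos + 2
            lowest = pos = target
            continue
        if length > MAX_LABEL:                          # 01xxxxxx / 10xxxxxx
            raise ValueError("reserved label type")
        if length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        if pos + 1 + length > len(buf):                 # the missing length check
            raise ValueError("label runs past end of data")
        total += 1 + length
        if total + 1 > MAX_NAME:
            raise ValueError("name longer than 255 octets")
        labels.append(buf[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def decode_name_list(buf: bytes, allow_compression: bool, zero_padded: bool):
    """Decode a whole option body.  DNSSL: (False, True).  Option 119: (True, False)."""
    names, pos = [], 0
    while pos < len(buf):
        if zero_padded and buf[pos] == 0:
            if any(buf[pos:]):
                raise ValueError("data after padding")
            break
        name, pos = decode_name(buf, pos, allow_compression)
        names.append(name)
    return names


def uncompressed_size(names) -> int:
    """Bytes needed to store the names back to back in uncompressed wire form,
    computed from the decoded result so it cannot disagree with the copy."""
    return sum(sum(len(l) + 1 for l in n.split(".") if l) + 1 for n in names)


# Constructed option bodies.
# DNSSL: "example.com", "corp.example", then zero padding to a multiple of 8.
DNSSL_BODY = (b"\x07example\x03com\x00" + b"\x04corp\x07example\x00").ljust(32, b"\x00")
# Option 119: "example.com", then "lab" + pointer to offset 0 ("lab.example.com").
OPT119_BODY = b"\x07example\x03com\x00" + b"\x03lab\xc0\x00"
# Malformed: a label claims 63 octets but only 3 follow.
TRUNCATED_LABEL = b"\x3fabc"
# Malformed: a pointer back into the name being decoded (a loop).
POINTER_LOOP = b"\x03lab\xc0\x03"

if __name__ == "__main__":
    print(decode_name_list(DNSSL_BODY, False, True))
    print(decode_name_list(OPT119_BODY, True, False))
```

A C implementation wants the same shape: compare `pos + 1 + length` against the option length before touching the label, and size the destination from what was actually decoded, never from a prior pass over untrusted lengths.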


Discovery 2020-09-02
Entry 2020-09-02
FreeBSD
ge 12.1 lt 12.1_9

ge 11.4 lt 11.4_3

ge 11.3 lt 11.3_13

CVE-2020-7461
SA-20:26.dhclient
768cfe70-ca40-11df-aade-0050568f000c  FreeBSD -- OPIE off-by-one stack overflow

Problem Description:

A programming error in the OPIE library could allow an off-by-one buffer overflow to write a single zero byte beyond the end of an on-stack buffer.


Discovery 2010-05-27
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 6.4 lt 6.4_10

ge 7.1 lt 7.1_12

ge 7.2 lt 7.2_8

ge 7.3 lt 7.3_1

ge 8.0 lt 8.0_3

SA-10:05.opie
7943e521-f648-11e2-8607-3c970e169bc2  bind -- denial of service vulnerability

ISC reports:

A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query.


Discovery 2013-07-26
Entry 2013-07-26
Modified 2016-08-09
bind99
gt 9.9.3 lt 9.9.3.2

bind99-base
gt 9.9.3 lt 9.9.3.2

bind98
gt 9.8.5 lt 9.8.5.2

bind98-base
gt 9.8.5 lt 9.8.5.2

FreeBSD
ge 9.0 lt 9.1_5

ge 8.4 lt 8.4_2

CVE-2013-4854
SA-13:07.bind
https://kb.isc.org/article/AA-01015/0
7a09a8df-ca41-11df-aade-0050568f000c  FreeBSD -- Lost mbuf flag resulting in data corruption

Problem Description:

The read-only flag is not correctly copied when an mbuf buffer reference is duplicated. When the sendfile(2) system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption.


Discovery 2010-07-13
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 7.1 lt 7.1_13

ge 7.3 lt 7.3_2

ge 8.0 lt 8.0_4

SA-10:07.mbuf
7a31dfba-600a-11e6-a6c3-14dae9d210b8  FreeBSD -- Insecure default snmpd.config permissions

Problem Description:

The SNMP protocol supports an authentication model called USM, which relies on a shared secret. The default permission of the snmpd configuration file, /etc/snmpd.config, is weak and does not provide adequate protection against local unprivileged users.

Impact:

A local user may be able to read the shared secret, if configured and used by the system administrator.


Discovery 2016-01-14
Entry 2016-08-11
FreeBSD
ge 10.2 lt 10.2_9

ge 10.1 lt 10.1_26

ge 9.3 lt 9.3_33

CVE-2015-5677
SA-16:06.bsnmpd
7a4f2aca-9d40-11da-8c1d-000e0c2e438a  FreeBSD -- Local kernel memory disclosure

Problem description:

A buffer allocated from the kernel stack may not be completely initialized before being copied to userland. [CVE-2006-0379]

A logic error in computing a buffer length may allow too much data to be copied into userland. [CVE-2006-0380]

Impact:

Portions of kernel memory may be disclosed to local users. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.

Workaround:

No workaround is available.


Discovery 2006-01-25
Entry 2006-02-14
Modified 2016-08-09
FreeBSD
ge 6.0 lt 6.0_4

CVE-2006-0379
CVE-2006-0380
SA-06:06.kmem
7b1a4a27-600a-11e6-a6c3-14dae9d210b8  FreeBSD -- Multiple OpenSSL vulnerabilities

Problem Description:

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP3) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN. [CVE-2016-0800]

A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare. [CVE-2016-0705]

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. [CVE-2016-0798]

In the BN_hex2bn function, the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL pointer dereference. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence. [CVE-2016-0797]

The internal |fmtstr| function used in processing a "%s" formatted string in the BIO_*printf functions could overflow while calculating the length of a string and cause an out-of-bounds read when printing very long strings. [CVE-2016-0799]

A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. [CVE-2016-0702]

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers. If clear-key bytes are present for these ciphers, they displace encrypted-key bytes. [CVE-2016-0703]

s2_srvr.c overwrites the wrong bytes in the master key when applying Bleichenbacher protection for export cipher suites. [CVE-2016-0704]

Impact:

Servers that have the SSLv2 protocol enabled are vulnerable to the "DROWN" attack, which allows a remote attacker to efficiently attack many recorded TLS connections made to the server, even when the client did not make any SSLv2 connections itself.

An attacker who can supply malformed DSA private keys to OpenSSL applications may be able to cause memory corruption which would lead to a Denial of Service condition. [CVE-2016-0705]

An attacker connecting with an invalid username can cause a memory leak, which could eventually lead to a Denial of Service condition. [CVE-2016-0798]

An attacker who can inject malformed data into an application may be able to cause memory corruption which would lead to a Denial of Service condition. [CVE-2016-0797, CVE-2016-0799]

A local attacker who has control of code in a thread running on the same hyper-threaded core as the victim thread which is performing decryptions could recover RSA keys. [CVE-2016-0702]

An eavesdropper who can intercept an SSLv2 handshake can conduct an efficient divide-and-conquer key recovery attack and use the server as an oracle to determine the SSLv2 master-key, using only 16 connections to the server and negligible computation. [CVE-2016-0703]

An attacker can use the Bleichenbacher oracle, which enables a more efficient variant of the DROWN attack. [CVE-2016-0704]


Discovery 2016-03-10
Entry 2016-08-11
FreeBSD
ge 10.2 lt 10.2_13

ge 10.1 lt 10.1_30

ge 9.3 lt 9.3_38

CVE-2016-0702
CVE-2016-0703
CVE-2016-0704
CVE-2016-0705
CVE-2016-0797
CVE-2016-0798
CVE-2016-0799
CVE-2016-0800
SA-16:12.openssl
7c63775e-be31-11e5-b5fe-002590263bf5  libarchive -- multiple vulnerabilities

MITRE reports:

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

Libarchive issue tracker reports:

Using a crafted tar file bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined in byte offset [16-19]. If ASLR is disabled, the issue can lead to an infinite loop.


Discovery 2012-12-06
Entry 2016-01-18
Modified 2016-08-09
libarchive
< 3.1.2_5,1

FreeBSD
ge 10.3 lt 10.3_4

ge 10.2 lt 10.2_18

ge 10.1 lt 10.1_35

ge 9.3 lt 9.3_43

CVE-2013-0211
CVE-2015-2304
ports/200176
SA-16:22.libarchive
SA-16:23.libarchive
https://github.com/libarchive/libarchive/pull/110
https://github.com/libarchive/libarchive/commit/5935715
https://github.com/libarchive/libarchive/commit/2253154
https://github.com/libarchive/libarchive/issues/502
https://github.com/libarchive/libarchive/commit/3865cf2
https://github.com/libarchive/libarchive/commit/e6c9668
https://github.com/libarchive/libarchive/commit/24f5de6
7ccd4def-c1be-11e3-9d09-000c2980a9f3  OpenSSL -- Local Information Disclosure

OpenSSL reports:

A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

A local attacker might be able to snoop a signing process and might recover the signing key from it.


Discovery 2014-04-07
Entry 2014-04-11
openssl
ge 1.0.1 lt 1.0.1_10

mingw32-openssl
ge 1.0.1 lt 1.0.1g

FreeBSD
ge 8.3 lt 8.3_15

ge 8.4 lt 8.4_8

ge 9.1 lt 9.1_11

ge 9.2 lt 9.2_4

ge 10.0 lt 10.0_1

CVE-2014-0076
SA-14:06.openssl
https://www.openssl.org/news/vulnerabilities.html#2014-0076
7cfcea05-600a-11e6-a6c3-14dae9d210b8  FreeBSD -- Multiple ntp vulnerabilities

Problem Description:

Multiple vulnerabilities have been discovered in the NTP suite:

The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco]

An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association. [CVE-2016-4953, Reported by Miroslav Lichvar of Red Hat]

An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the target machine can affect some peer variables and, for example, cause a false leap indication to be set. [CVE-2016-4954, Reported by Jakub Prokes of Red Hat]

An attacker who is able to spoof a packet with a correct origin timestamp before the expected response packet arrives at the target machine can send a CRYPTO_NAK or a bad MAC and cause the association's peer variables to be cleared. If this can be done often enough, it will prevent that association from working. [CVE-2016-4955, Reported by Miroslav Lichvar of Red Hat]

The fix for NtpBug2978 does not cover broadcast associations, so broadcast clients can be triggered to flip into interleave mode. [CVE-2016-4956, Reported by Miroslav Lichvar of Red Hat.]

Impact:

Malicious remote attackers may be able to break time synchronization, or cause the ntpd(8) daemon to crash.


Discovery 2016-06-04
Entry 2016-08-11
FreeBSD
ge 10.3 lt 10.3_5

ge 10.2 lt 10.2_19

ge 10.1 lt 10.1_36

ge 9.3 lt 9.3_44

CVE-2016-4953
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956
CVE-2016-4957
SA-16:24.ntp
7d4f4955-600a-11e6-a6c3-14dae9d210b8  FreeBSD -- Heap vulnerability in bspatch

Problem Description:

The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap.

This issue was first discovered by The Chromium Project and reported independently by Lu Tung-Pin to the FreeBSD project.

Impact:

An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.


Discovery 2016-07-25
Entry 2016-08-11
FreeBSD
ge 10.3 lt 10.3_6

ge 10.2 lt 10.2_20

ge 10.1 lt 10.1_37

ge 9.3 lt 9.3_45

CVE-2014-9862
SA-16:25.bspatch
7dbb7197-7b68-11dd-80ba-000bcdf0a03b  FreeBSD -- nmount(2) local arbitrary code execution

Problem Description:

Various user defined input such as mount points, devices, and mount options are prepared and passed as arguments to nmount(2) into the kernel. Under certain error conditions, user defined data will be copied into a stack allocated buffer stored in the kernel without sufficient bounds checking.

Impact:

If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel.

Workaround:

It is possible to work around this issue by allowing only privileged users to mount file systems by running the following sysctl(8) command:

# sysctl vfs.usermount=0

Discovery 2008-09-03
Entry 2008-09-05
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_4

ge 7.0 lt 7.0_4

CVE-2008-3531
SA-08:08.nmount
7e53f9cc-656d-11e9-8e67-206a8a720317  FreeBSD -- SAE side-channel attacks

Problem Description:

Side channel attacks were found in the SAE implementations used by both hostapd (AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE (Simultaneous Authentication of Equals) is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information about the used password based on observable timing differences and cache access patterns. This might result in full password recovery when combined with an offline dictionary attack and if the password is not strong enough to protect against dictionary attacks.

See https://w1.fi/security/2019-1/sae-side-channel-attacks.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9494
8305e215-1080-11e5-8ba2-000c2980a9f3  openssl -- multiple vulnerabilities

The OpenSSL team reports:

  • Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)
  • Malformed ECParameters causes infinite loop (CVE-2015-1788)
  • Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
  • PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)
  • CMS verify infinite loop with unknown hash function (CVE-2015-1792)
  • Race condition handling NewSessionTicket (CVE-2015-1791)
  • Invalid free in DTLS (CVE-2014-8176)

Discovery 2015-06-11
Entry 2015-06-11
Modified 2016-08-09
openssl
< 1.0.2_2

mingw32-openssl
ge 1.0.1 lt 1.0.2b

linux-c6-openssl
< 1.0.1e_6

libressl
< 2.1.7

FreeBSD
ge 10.1 lt 10.1_12

ge 9.3 lt 9.3_16

ge 8.4 lt 8.4_30

CVE-2014-8176
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-4000
SA-15:10.openssl
https://www.openssl.org/news/secadv_20150611.txt
83725c91-7c7e-11de-9672-00e0815b8da8BIND -- Dynamic update message remote DoS

Problem Description:

When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.

To trigger the problem, the dynamic update message must contain a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.

Impact:

An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.

Workaround:

No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.


Discovery 2009-07-28
Entry 2009-08-01
Modified 2009-08-04
bind9
< 9.3.6.1.1

bind9-sdb-postgresql
bind9-sdb-ldap
< 9.4.3.3

FreeBSD
ge 6.3 lt 6.3_12

ge 6.4 lt 6.4_6

ge 7.1 lt 7.1_7

ge 7.2 lt 7.2_3

CVE-2009-0696
SA-09:12.bind
http://www.kb.cert.org/vuls/id/725188
https://www.isc.org/node/474
837b9fb2-0595-11da-86bc-000e0c2e438azlib -- buffer overflow vulnerability

Problem description

A fixed-size buffer is used in the decompression of data streams. Due to erroneous analysis performed when zlib was written, this buffer, which was believed to be sufficiently large to handle any possible input stream, is in fact too small.

Impact

A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges.


Discovery 2005-07-27
Entry 2005-08-05
Modified 2005-09-24
linux_base-suse
< 9.3_1

FreeBSD
ge 5.4 lt 5.4_6

ge 5.3 lt 5.3_20

CVE-2005-1849
SA-05:18.zlib
87261557-a450-11e2-9898-001060e06fd4FreeBSD -- Network ACL mishandling in mountd(8)

Problem Description:

While parsing the exports(5) table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8.

For example, specifying the ACL for an export as "-network 192.0.2.0/23" would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.
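The following is an added illustration of the mask arithmetic the advisory describes; it is not mountd's own code, and the "wrong" variant only reconstructs the observable effect (the partial octet filled from its low bits rather than its high bits), which is what makes prefix lengths that are not a multiple of 8 the affected case. The function names, the 192.0.2.0/23 export and the two client addresses are chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Correct: the top `prefix` bits set (host byte order). */
uint32_t mask_from_prefix(unsigned prefix)
{
    if (prefix == 0)
        return 0;                       /* a 32-bit shift would be undefined */
    if (prefix > 32)
        prefix = 32;
    return 0xffffffffu << (32 - prefix);
}

/* Wrong (reconstruction of the advisory's effect, not mountd's actual code):
 * whole octets are fine, but the remainder octet is built as (1 << rem) - 1,
 * i.e. from the bottom, so /23 yields 255.255.127.0 instead of 255.255.254.0. */
uint32_t mask_from_prefix_wrong(unsigned prefix)
{
    uint32_t mask = 0;
    unsigned full = prefix / 8, rem = prefix % 8;
    for (unsigned i = 0; i < full && i < 4; i++)
        mask |= 0xffu << (24 - 8 * i);
    if (rem != 0 && full < 4)
        mask |= ((1u << rem) - 1) << (24 - 8 * full);
    return mask;
}

uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* The export ACL test as mountd conceptually applies it to a client address. */
int acl_match(uint32_t net, uint32_t mask, uint32_t addr)
{
    return (addr & mask) == (net & mask);
}

static void print_ip(const char *label, uint32_t v)
{
    printf("%-26s %u.%u.%u.%u\n", label,
           v >> 24, (v >> 16) & 0xff, (v >> 8) & 0xff, v & 0xff);
}

int main(void)
{
    uint32_t net  = ip4(192, 0, 2, 0);
    uint32_t good = mask_from_prefix(23);
    uint32_t bad  = mask_from_prefix_wrong(23);

    print_ip("correct mask for /23:", good);
    print_ip("miscomputed mask for /23:", bad);

    /* 192.0.3.1 lies inside 192.0.2.0/23; 192.0.130.5 does not. With the
     * wrong mask the verdicts invert: the legitimate client is refused and
     * a host outside the export's network is admitted. */
    printf("192.0.3.1   matches: correct=%d wrong=%d\n",
           acl_match(net, good, ip4(192, 0, 3, 1)),
           acl_match(net, bad,  ip4(192, 0, 3, 1)));
    printf("192.0.130.5 matches: correct=%d wrong=%d\n",
           acl_match(net, good, ip4(192, 0, 130, 5)),
           acl_match(net, bad,  ip4(192, 0, 130, 5)));
    return 0;
}
```

Note that the effect is not merely "some clients are denied": because the miscomputed mask clears a high bit, addresses that share the low bits of the third octet with the export's network (192.0.130.x against 192.0.2.0/23) pass the ACL, so an NFS export can be reachable from networks the administrator never listed.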


Discovery 2011-04-20
Entry 2012-01-29
FreeBSD
ge 7.3 lt 7.3_5

ge 7.4 lt 7.4_1

ge 8.1 lt 8.1_3

ge 8.2 lt 8.2_1

SA-11:01.mountd
CVE-2011-1739
8aff07eb-1dbd-11e4-b6ba-3c970e169bc2OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]

The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. [CVE-2014-3505]

An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. [CVE-2014-3506]

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. [CVE-2014-3507]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. [CVE-2014-3510]

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. [CVE-2014-3511]

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. [CVE-2014-3512]


Discovery 2014-08-06
Entry 2014-08-06
Modified 2016-08-09
openssl
ge 1.0.1 lt 1.0.1_14

mingw32-openssl
ge 1.0.1 lt 1.0.1i

FreeBSD
ge 8.4 lt 8.4_15

ge 9.1 lt 9.1_18

ge 9.2 lt 9.2_11

ge 9.3 lt 9.3_1

ge 10.0 lt 10.0_8

https://www.openssl.org/news/secadv_20140806.txt
SA-14:18.openssl
CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508
CVE-2014-3509
CVE-2014-3510
CVE-2014-3511
CVE-2014-3512
CVE-2014-5139
8e01ab5b-0949-11dc-8163-000e0c2e438aFreeBSD -- heap overflow in file(1)

Problem Description:

When writing data into a buffer in the file_printf function, the length of the unused portion of the buffer is not correctly tracked, resulting in a buffer overflow when processing certain files.

Impact:

An attacker who can cause file(1) to be run on a maliciously constructed input can cause file(1) to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file(1).

The above also applies to any other applications using the libmagic(3) library.

Workaround:

No workaround is available, but systems where file(1) and other libmagic(3)-using applications are never run on untrusted input are not vulnerable.


Discovery 2007-05-23
Entry 2007-05-23
Modified 2016-08-09
file
< 4.21

FreeBSD
ge 6.2 lt 6.2_5

ge 6.1 lt 6.1_17

ge 5.5 lt 5.5_13

CVE-2007-1536
SA-07:04.file
8eaaf135-1893-11ed-9b22-002590c1f29cFreeBSD -- Missing bounds check in 9p message handling

Problem Description:

The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.

Impact:

The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox.
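As an added example (not lib9p's code), here is a bounds-checked unpacker for the 9P2000 Rwalk message the advisory refers to. On the wire an Rwalk is size[4] type[1] tag[2] nwqid[2] followed by nwqid qids of 13 bytes each (type[1] version[4] path[8]), all little-endian, and a walk is limited to 16 elements by the protocol, so a reply carrying more qids than that can only be malformed or hostile. The constant names, the struct layout and the constructed test messages are this example's; the check that matters is the one on `nwqid` before anything is written into the fixed-size array.

```c
#include <stddef.h>
#include <stdint.h>

/* 9P caps a walk at 16 elements (MAXWELEM); the same cap bounds nwqid in an
 * Rwalk reply. Names below are chosen for this example. */
#define MAX_WELEM   16
#define QID_SIZE    13
#define RWALK       111
#define RWALK_HDR   9          /* size[4] type[1] tag[2] nwqid[2] */

struct qid { uint8_t type; uint32_t version; uint64_t path; };

struct rwalk {
    uint16_t   tag;
    uint16_t   nwqid;
    struct qid wqid[MAX_WELEM];   /* fixed-size array: what an unchecked nwqid overruns */
};

/* 9P is little-endian on the wire. */
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get32(const uint8_t *p) { return get16(p) | ((uint32_t)get16(p + 2) << 16); }
static uint64_t get64(const uint8_t *p) { return get32(p) | ((uint64_t)get32(p + 4) << 32); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16)); }
static void put64(uint8_t *p, uint64_t v) { put32(p, (uint32_t)v); put32(p + 4, (uint32_t)(v >> 32)); }

/* Returns 0 on success, -1 on a malformed message. Every count the message
 * claims is checked against the buffer length and the fixed array before a
 * single qid is unpacked. */
int parse_rwalk(const uint8_t *buf, size_t len, struct rwalk *out)
{
    if (len < RWALK_HDR || get32(buf) != len || buf[4] != RWALK)
        return -1;
    uint16_t nwqid = get16(buf + 7);
    if (nwqid > MAX_WELEM)                              /* the bounds check at issue */
        return -1;
    if (len != RWALK_HDR + (size_t)nwqid * QID_SIZE)    /* no missing or trailing qids */
        return -1;
    out->tag = get16(buf + 5);
    out->nwqid = nwqid;
    const uint8_t *p = buf + RWALK_HDR;
    for (uint16_t i = 0; i < nwqid; i++, p += QID_SIZE) {
        out->wqid[i].type    = p[0];
        out->wqid[i].version = get32(p + 1);
        out->wqid[i].path    = get64(p + 5);
    }
    return 0;
}

/* Constructed test input: an Rwalk carrying `nwqid` directory qids with path
 * 0x1000 + i. Returns the message length, or 0 if it does not fit in buf. */
size_t build_rwalk(uint8_t *buf, size_t cap, uint16_t tag, uint16_t nwqid)
{
    size_t len = RWALK_HDR + (size_t)nwqid * QID_SIZE;
    if (len > cap)
        return 0;
    put32(buf, (uint32_t)len);
    buf[4] = RWALK;
    put16(buf + 5, tag);
    put16(buf + 7, nwqid);
    uint8_t *p = buf + RWALK_HDR;
    for (uint16_t i = 0; i < nwqid; i++, p += QID_SIZE) {
        p[0] = 0x80;                                    /* QTDIR */
        put32(p + 1, i);
        put64(p + 5, 0x1000u + i);
    }
    return len;
}

/* Scenarios: a well-formed reply, a reply whose nwqid exceeds the array (the
 * shape a hostile guest would send), and a reply truncated mid-qid. Each
 * returns parse_rwalk's verdict, 0 for accepted and -1 for rejected. */
int scenario_valid(void)
{
    uint8_t buf[64]; struct rwalk rw;
    size_t n = build_rwalk(buf, sizeof buf, 7, 2);
    if (parse_rwalk(buf, n, &rw) != 0)
        return -1;
    return (rw.tag == 7 && rw.nwqid == 2 && rw.wqid[1].path == 0x1001) ? 0 : -1;
}

int scenario_oversized(void)
{
    uint8_t buf[2048]; struct rwalk rw;
    size_t n = build_rwalk(buf, sizeof buf, 7, 100);    /* 100 > MAX_WELEM */
    return parse_rwalk(buf, n, &rw);
}

int scenario_truncated(void)
{
    uint8_t buf[64]; struct rwalk rw;
    size_t n = build_rwalk(buf, sizeof buf, 7, 2);
    return parse_rwalk(buf, n - 5, &rw);                /* size[4] no longer matches */
}
```

The point for a bhyve operator is the trust boundary: the 9P peer is the guest kernel, so every length and count in a message is attacker-controlled and must be validated against the host-side structure it is unpacked into, not just against the message's own size field.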


Discovery 2022-08-09
Entry 2022-08-10
FreeBSD
ge 13.1 lt 13.1_1

ge 13.0 lt 13.0_12

CVE-2022-23092
SA-22:12.lib9p
8ecaaca2-cc07-11d8-858d-000d610a3b12Linux binary compatibility mode input validation error

A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation.

It may be possible for a local attacker to read and/or overwrite portions of kernel memory, resulting in disclosure of sensitive information or potential privilege escalation. A local attacker can cause a system panic.


Discovery 2004-06-18
Entry 2004-06-30
FreeBSD
ge 4.9 lt 4.9_10

ge 4.8 lt 4.8_23

CVE-2004-0602
SA-04:13.linux
8efe93e2-ee62-11d9-8310-0001020eed82zlib -- buffer overflow vulnerability

Problem Description

An error in the handling of corrupt compressed data streams can result in a buffer being overflowed.

Impact

By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt, causing a denial of service; or it may result in the attacker gaining elevated privileges.


Discovery 2005-07-06
Entry 2005-07-06
Modified 2005-10-01
zsync
< 0.4.1

FreeBSD
ge 5.4 lt 5.4_4

ge 5.3 lt 5.3_18

CVE-2005-2096
SA-05:16.zlib
9082a85a-88ae-11d8-90d1-0020ed76ef5ajailed processes can attach to other jails

A programming error has been found in the jail_attach(2) system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jail_attach system call would fail only after changing the calling process's root directory.

A process with superuser privileges inside a jail could change its root directory to that of a different jail, and thus gain full read and write access to files and directories within the target jail.


Discovery 2004-02-19
Entry 2004-04-07
Modified 2004-05-05
FreeBSD
ge 5.1 lt 5.1_14

ge 5.2 lt 5.2.1

CVE-2004-0126
SA-04:03.jail
90cc1494-10ac-11e1-b3ec-0024e830109bBIND -- Remote DOS

The Internet Systems Consortium reports:

Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9.

Because it may be possible to trigger this bug even on networks that do not allow untrusted users to access the recursive name servers (perhaps via specially crafted e-mail messages, and/or malicious web sites) it is recommended that ALL operators of recursive name servers upgrade immediately.


Discovery 2011-11-16
Entry 2011-11-16
Modified 2012-01-29
FreeBSD
ge 7.3 lt 7.3_9

ge 7.4 lt 7.4_5

ge 8.1 lt 8.1_7

ge 8.2 lt 8.2_5

bind96
< 9.6.3.1.ESV.R5.1

bind97
< 9.7.4.1

bind98
< 9.8.1.1

SA-11:06.bind
CVE-2011-4313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
https://www.isc.org/software/bind/advisories/cve-2011-4313
90d2e58f-b25a-11de-8c83-02e0185f8d72FreeBSD -- kqueue pipe race conditions

Problem Description

A race condition exists in the pipe close() code relating to kqueues, causing use-after-free for kernel memory, which may lead to an exploitable NULL pointer vulnerability in the kernel, kernel memory corruption, and other unpredictable results.

Impact:

Successful exploitation of the race condition can lead to local kernel privilege escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code on the target system.

Workaround

An errata notice, FreeBSD-EN-09:05.null has been released simultaneously to this advisory, and contains a kernel patch implementing a workaround for a more broad class of vulnerabilities. However, prior to those changes, no workaround is available.


Discovery 2009-10-02
Entry 2009-10-06
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_13

ge 6.4 lt 6.4_7

SA-09:13.pipe
91a337d8-83ed-11e6-bf52-b499baebfeafOpenSSL -- multiple vulnerabilities

OpenSSL reports:

Critical vulnerability in OpenSSL 1.1.0a

Fix Use After Free for large message sizes (CVE-2016-6309)

Moderate vulnerability in OpenSSL 1.0.2i

Missing CRL sanity check (CVE-2016-7052)


Discovery 2016-09-26
Entry 2016-09-26
Modified 2016-10-10
openssl
< 1.0.2j,1

openssl-devel
< 1.1.0b

libressl
< 2.4.3

libressl-devel
< 2.4.3

FreeBSD
ge 11.0 lt 11.0_1

https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-6309
CVE-2016-7052
SA-16:27.openssl
9442a811-dab3-11e7-b5af-a4badb2f4699FreeBSD -- OpenSSL multiple vulnerabilities

Problem Description:

If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. [CVE-2017-3735]

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. [CVE-2017-3736] This bug only affects FreeBSD 11.x.

Impact:

Applications using OpenSSL may display an erroneous certificate in text format. [CVE-2017-3735]

Mishandling of carry propagation will produce incorrect output, and make it easier for a remote attacker to obtain sensitive private-key information. No EC algorithms are affected, analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.

Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. [CVE-2017-3736]


Discovery 2017-11-29
Entry 2017-12-06
FreeBSD
ge 11.1 lt 11.1_5

ge 11.0 lt 11.0_16

ge 10.4 lt 10.4_4

ge 10.3 lt 10.3_25

CVE-2017-3735
CVE-2017-3736
SA-17:11.openssl
9575259a-92d5-11e4-bce6-d050992ecde8file -- multiple vulnerabilities

RedHat reports:

Thomas Jarosch of Intra2net AG reported a number of denial of service issues (resource consumption) in the ELF parser used by file(1). These issues were fixed in the 5.21 release of file(1), but by mistake are missing from the changelog.


Discovery 2014-12-16
Entry 2015-01-02
file
< 5.21

FreeBSD
ge 8.4 lt 8.4_20

ge 9.1 lt 9.1_23

ge 9.2 lt 9.2_16

ge 9.3 lt 9.3_6

ge 10.0 lt 10.0_13

ge 10.1 lt 10.1_1

CVE-2014-3710
CVE-2014-8116
CVE-2014-8117
SA-14:28.file
http://seclists.org/oss-sec/2014/q4/1056
96811d4a-04ec-11ec-9b84-d4c9ef517024OpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

SM2 Decryption Buffer Overflow (CVE-2021-3711: High)

Read buffer overruns processing ASN.1 strings (CVE-2021-3712: Moderate)


Discovery 2021-08-24
Entry 2021-08-24
Modified 2021-08-25
openssl
< 1.1.1l,1

openssl-devel
< 3.0.0.b3

FreeBSD
ge 13.0 lt 13.0_4

ge 12.2 lt 12.2_10

CVE-2021-3711
CVE-2021-3712
https://www.openssl.org/news/secadv/20210824.txt
SA-21:16.openssl
96a21236-707b-11eb-96d8-d4c9ef517024OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Null pointer deref in X509_issuer_and_serial_hash() CVE-2021-23841

(Moderate) The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.

Integer overflow in CipherUpdate CVE-2021-23840

(Low) Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.


Discovery 2021-02-16
Entry 2021-02-16
Modified 2021-08-25
openssl
< 1.1.1j,1

openssl-devel
< 3.0.0.a12

FreeBSD
ge 12.2 lt 12.2_10

ge 11.4 lt 11.4_13

https://www.openssl.org/news/secadv/20210216.txt
CVE-2021-23841
CVE-2021-23840
CVE-2021-23839
SA-21:17.openssl
96ba2dae-4ab0-11d8-96f2-0020ed76ef5aL2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump

Jonathan Heusser discovered vulnerabilities in tcpdump's L2TP, ISAKMP, and RADIUS protocol handlers. These vulnerabilities may be used by an attacker to crash a running `tcpdump' process.


Discovery 2003-12-24
Entry 2004-01-19
tcpdump
< 3.8.1_351

FreeBSD
< 5.2.1

CVE-2003-0989
CVE-2003-1029
CVE-2004-0057
http://www.tcpdump.org/lists/workers/2003/12/msg00083.html
http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2
97f09f2f-ca3f-11df-aade-0050568f000cFreeBSD -- ZFS ZIL playback with insecure permissions

Problem Description:

When replaying setattr transaction, the replay code would set the attributes with certain insecure defaults, when the logged transaction did not touch these attributes.


Discovery 2010-01-06
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 7.1 lt 7.1_10

ge 7.2 lt 7.2_6

ge 8.0 lt 8.0_2

SA-10:03.zfs
98b71436-656d-11e9-8e67-206a8a720317FreeBSD -- SAE confirm missing state validation

Problem Description:

When hostapd is used to operate an access point with SAE (Simultaneous Authentication of Equals; also known as WPA3-Personal), an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm message. This was caused by missing state validation steps when processing the SAE confirm message in hostapd/AP mode.

See https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt for a detailed description of the bug.

Impact:

All hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9496
9d15355b-ce7c-11e4-9db0-d050992ecde8OpenSSL -- multiple vulnerabilities

OpenSSL project reports:

  • Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204). OpenSSL only.
  • Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
  • ASN.1 structure reuse memory corruption (CVE-2015-0287)
  • PKCS#7 NULL pointer dereferences (CVE-2015-0289)
  • Base64 decode (CVE-2015-0292). OpenSSL only.
  • DoS via reachable assert in SSLv2 servers (CVE-2015-0293). OpenSSL only.
  • Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
  • X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

Discovery 2015-03-19
Entry 2015-03-19
Modified 2016-08-09
openssl
ge 1.0.1 lt 1.0.1_19

mingw32-openssl
ge 1.0.1 lt 1.0.1m

linux-c6-openssl
< 1.0.1e_4

libressl
le 2.1.5_1

FreeBSD
ge 10.1 lt 10.1_8

ge 9.3 lt 9.3_12

ge 8.4 lt 8.4_26

SA-15:06.openssl
ports/198681
CVE-2015-0204
CVE-2015-0286
CVE-2015-0287
CVE-2015-0289
CVE-2015-0292
CVE-2015-0293
CVE-2015-0209
CVE-2015-0288
https://www.openssl.org/news/secadv_20150319.txt
9f7a0f39-ddc0-11e7-b5af-a4badb2f4699FreeBSD -- OpenSSL multiple vulnerabilities

Problem Description:

Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. [CVE-2017-3737]

There is an overflow bug in the x86_64 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). [CVE-2017-3738] This bug only affects FreeBSD 11.x.

Impact:

Applications with incorrect error handling may inappropriately pass unencrypted data. [CVE-2017-3737]

Mishandling of carry propagation will produce incorrect output, and make it easier for a remote attacker to obtain sensitive private-key information. No EC algorithms are affected and analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.

Attacks against DH1024 are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. [CVE-2017-3738]


Discovery 2017-12-09
Entry 2017-12-10
FreeBSD
ge 11.1 lt 11.1_6

ge 10.4 lt 10.4_5

ge 10.3 lt 10.3_26

CVE-2016-0701
CVE-2017-3737
CVE-2017-3738
SA-17:12.openssl
9fae0f1f-df82-11d9-b875-0001020eed82tcpdump -- infinite loops in protocol decoding

Problem Description

Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops.

Impact

An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump would no longer capture traffic, and would potentially use all available processor time.


Discovery 2005-06-09
Entry 2005-06-18
Modified 2005-06-20
FreeBSD
ge 5.4 lt 5.4_2

ge 5.3 lt 5.3_16

tcpdump
< 3.8.3_2

CVE-2005-1278
CVE-2005-1267
CVE-2005-1279
CVE-2005-1280
SA-05:10.tcpdump
http://marc.theaimsgroup.com/?l=bugtraq&m=111454406222040
http://marc.theaimsgroup.com/?l=bugtraq&m=111454461300644
http://marc.theaimsgroup.com/?l=bugtraq&m=111928309502304
a1323a76-28f1-11ed-a72a-002590c1f29cFreeBSD -- zlib heap buffer overflow

Problem Description:

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

Impact:

Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in the FreeBSD base system, but may be used by third party software.
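The following is an added reconstruction of the bug class, written for this page rather than taken from zlib. When inflate() parses a gzip header with the FEXTRA flag and the caller has registered a gz_header via inflateGetHeader, the extra field is copied into the caller's `extra` buffer of `extra_max` bytes, while `extra_len` comes from the stream and is therefore attacker-controlled. The field may arrive across several inflate() calls, so the copy is done piecewise. Below, `done` is how much of the field earlier calls consumed and `avail` how much the current call holds; the function names and the 16-byte buffer are this example's, and the unchecked variant reproduces the arithmetic shape of the flaw (remaining room computed as `extra_max - done` after `done` has already passed `extra_max`) without asserting that zlib's source reads exactly this way.

```c
#include <limits.h>
#include <stdint.h>
#include <string.h>

/* Length the unchecked arithmetic yields. Once `done` has passed extra_max,
 * extra_max - done underflows (unsigned) and the copy length explodes, with
 * the destination extra + done already past the end of the buffer. */
unsigned copy_len_unchecked(unsigned extra_max, unsigned done, unsigned avail)
{
    return done + avail > extra_max ? extra_max - done : avail;
}

/* Hardened: nothing is copied once the buffer is full; the remainder of the
 * field is still consumed from the stream but dropped. */
unsigned copy_len_checked(unsigned extra_max, unsigned done, unsigned avail)
{
    if (done >= extra_max)
        return 0;
    return done + avail > extra_max ? extra_max - done : avail;
}

/* Drive an extra_len-byte field through in chunk-byte pieces and return the
 * largest single copy length the chosen arithmetic produced. No bytes are
 * moved, so the unchecked variant's overflow is reported, not executed. */
unsigned max_copy_over_chunks(unsigned (*f)(unsigned, unsigned, unsigned),
                              unsigned extra_max, unsigned extra_len, unsigned chunk)
{
    unsigned worst = 0;
    for (unsigned done = 0; done < extra_len; done += chunk) {
        unsigned avail = extra_len - done < chunk ? extra_len - done : chunk;
        unsigned n = f(extra_max, done, avail);
        if (n > worst)
            worst = n;
    }
    return worst;
}

/* Run the hardened path for real: reassemble a field of extra_len bytes
 * (extra_len <= 256) into a 16-byte buffer framed by canary bytes and report
 * whether the canary survived (1) or was clobbered (0). */
int hardened_copy_keeps_canary(unsigned extra_len, unsigned chunk)
{
    enum { EXTRA_MAX = 16, CANARY = 8 };
    uint8_t store[EXTRA_MAX + CANARY];
    uint8_t src[256];                            /* constructed field contents */
    if (extra_len > sizeof src || chunk == 0)
        return 0;
    memset(store, 0xAA, sizeof store);
    for (unsigned i = 0; i < sizeof src; i++)
        src[i] = (uint8_t)i;
    for (unsigned done = 0; done < extra_len; done += chunk) {
        unsigned avail = extra_len - done < chunk ? extra_len - done : chunk;
        unsigned n = copy_len_checked(EXTRA_MAX, done, avail);
        if (n != 0)                              /* n is 0 once done >= EXTRA_MAX */
            memcpy(store + done, src + done, n);
    }
    for (unsigned i = EXTRA_MAX; i < sizeof store; i++)
        if (store[i] != 0xAA)
            return 0;
    return 1;
}
```

With a 40-byte field delivered in 10-byte chunks into a 16-byte buffer, the first two calls copy 10 and 6 bytes; on the third, `done` is 20 and the unchecked length becomes UINT_MAX - 3 at a destination already four bytes past the buffer, which is the heap overflow the advisory describes. The general lesson is that "remaining room" arithmetic on unsigned values needs an explicit `done >= max` guard, since the subtraction itself cannot fail.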


Discovery 2022-08-30
Entry 2022-08-31
FreeBSD
ge 13.1 lt 13.1_2

ge 13.0 lt 13.0_13

ge 12.3 lt 12.3_7

CVE-2022-37434
SA-22:13.zlib
a207bbd8-6572-11e9-8e67-206a8a720317FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment

Problem Description:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference.

See https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support could suffer a denial of service attack through process termination.


Discovery 2019-04-18
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
a2cb7c31-9c79-11ea-a9c2-d05099c0ae8cunbound -- multiple vulnerabilities

NLNetLabs reports:

This release fixes CVE-2020-12662 and CVE-2020-12663.

Bug Fixes:

  • CVE-2020-12662 Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target.
  • CVE-2020-12663 Malformed answers from upstream name servers can be used to make Unbound unresponsive.

Discovery 2020-05-19
Entry 2020-05-22
Modified 2020-07-10
unbound
< 1.10.1

FreeBSD
ge 12.1 lt 12.1_7

ge 11.4 lt 11.4_1

ge 11.3 lt 11.3_11

SA-20:19.unbound
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-May/006833.html
CVE-2020-12662
CVE-2020-12663
a6d5d4c1-0564-11ec-b69d-4062311215d5FreeBSD -- Missing error handling in bhyve(8) device models

Problem Description:

Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption.

Impact:

A malicious guest may be able to crash the bhyve process. It may be possible to exploit the memory corruption bugs to achieve arbitrary code execution in the bhyve process.


Discovery 2021-08-24
Entry 2021-08-25
FreeBSD
ge 13.0 lt 13.0_4

ge 12.2 lt 12.2_10

ge 11.4 lt 11.4_13

CVE-2021-29631
SA-21:13.bhyve
a8654f1d-770d-11eb-b87a-901b0ef719abFreeBSD -- login.access fails to apply rules

Problem Description:

A regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.

Impact:

The configuration in login.access(5) may not be applied, permitting login access to users even when the system is configured to deny it.


Discovery 2021-02-24
Entry 2021-02-25
FreeBSD
ge 12.2 lt 12.2_4

ge 11.4 lt 11.4_8

CVE-2020-25580
SA-21:03.pam_login_access
a8ec4db7-a398-11e5-85e9-14dae9d210b8bind -- multiple vulnerabilities

ISC reports:

Named is potentially vulnerable to the OpenSSL vulnerability described in CVE-2015-3193.

Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing a lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]

Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. This flaw is disclosed in CVE-2015-8000. [RT #40987]


Discovery 2015-11-24
Entry 2015-12-16
Modified 2016-08-09
bind99
< 9.9.8P2

bind910
< 9.10.3P2

bind9-devel
< 9.11.0.a20151215

FreeBSD
ge 9.3 lt 9.3_32

https://kb.isc.org/article/AA-01328/0/BIND-9.10.3-P2-Release-Notes.html
https://kb.isc.org/article/AA-01317/0/CVE-2015-8000%3A-Responses-with-a-malformed-class-attribute-can-trigger-an-assertion-failure-in-db.c.html
https://kb.isc.org/article/AA-01319/0/CVE-2015-8461%3A-A-race-condition-when-handling-socket-errors-can-lead-to-an-assertion-failure-in-resolver.c.html
CVE-2015-3193
CVE-2015-8000
CVE-2015-8461
SA-15:27.bind
ab3e98d9-8175-11e4-907d-d050992ecde8bind -- denial of service vulnerability

ISC reports:

We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions. [CERTFR-2014-AVI-512], [USCERT VU#264212]

A flaw in delegation handling could be exploited to put named into an infinite loop, in which each lookup of a name server triggered additional lookups of more name servers. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and on the number of queries that it will send before terminating a recursive query (default 50). The recursion depth limit is configured via the max-recursion-depth option, and the query limit via the max-recursion-queries option. For more information, see the security advisory at https://kb.isc.org/article/AA-01216/. [CVE-2014-8500] [RT #37580]

In addition, we have also corrected a potential security vulnerability in the GeoIP feature in the 9.10.1 release only. For more information on this issue, see the security advisory at https://kb.isc.org/article/AA-01217. [CVE-2014-8680]


Discovery 2014-12-08
Entry 2014-12-11
Modified 2016-08-09
bind99
bind99-base
< 9.9.6

bind98
bind98-base
bind96
bind96-base
gt 0

FreeBSD
ge 9.3 lt 9.3_6

ge 9.2 lt 9.2_16

ge 9.1 lt 9.1_23

ge 8.4 lt 8.4_20

SA-14:29.bind
CVE-2014-8500
CVE-2014-8680
https://www.isc.org/blogs/important-security-advisory-posted/
abef280d-d829-11e2-b71c-8c705af55518FreeBSD -- Privilege escalation via mmap

Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access.


Discovery 2013-06-18
Entry 2013-06-18
Modified 2016-08-09
FreeBSD
ge 9.0 lt 9.1_4

CVE-2013-2171
SA-13:06.mmap
ad08d14b-ca3d-11df-aade-0050568f000cFreeBSD -- Improper environment sanitization in rtld(1)

Problem Description:

When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing.


Discovery 2009-12-03
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 7.1 lt 7.1_9

ge 7.2 lt 7.2_5

ge 8.0 lt 8.0_1

SA-09:16.rtld
aed44c4e-c067-11e1-b5e0-000c299b62e1FreeBSD -- Privilege escalation when returning from kernel

Problem description:

FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call.

Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash. To exploit this vulnerability, an attacker must be able to run code with user privileges on the target system.


Discovery 2012-06-12
Entry 2012-06-27
FreeBSD
ge 7.4 lt 7.4_9

ge 8.1 lt 8.1_12

ge 8.2 lt 8.2_9

ge 8.3 lt 8.3_3

ge 9.0 lt 9.0_3

SA-12:04.sysret
CVE-2012-0217
af485ef4-1c58-11e8-8477-d05099c0ae8cntp -- multiple vulnerabilities

Network Time Foundation reports:

The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.

This release addresses five security issues in ntpd:

  • LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack
  • INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak
  • LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
  • LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state
  • LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association

one security issue in ntpq:

  • MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit

and provides over 33 bugfixes and 32 other improvements.


Discovery 2018-02-27
Entry 2018-02-28
Modified 2018-03-14
FreeBSD
ge 11.1 lt 11.1_7

ge 10.4 lt 10.4_6

ge 10.3 lt 10.3_27

ntp
< 4.2.8p11

ntp-devel
gt 0

CVE-2016-1549
CVE-2018-7182
CVE-2018-7170
CVE-2018-7184
CVE-2018-7185
CVE-2018-7183
SA-18:02.ntp
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
b1b6d623-83e4-11ec-90de-1c697aa5a594FreeBSD -- vt console buffer overflow

Problem Description:

Under certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.

Impact:

Users with access to the system console may be able to cause system misbehaviour.


Discovery 2022-01-11
Entry 2022-02-02
FreeBSD
ge 13.0 lt 13.0_6

ge 12.2 lt 12.2_12

CVE-2021-29632
SA-22:01.vt
b2487d9a-0c30-11e6-acd0-d050996490d0ntp -- multiple vulnerabilities

Network Time Foundation reports:

NTF's NTP Project has been notified of the following low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p7, released on Tuesday, 26 April 2016:

  • Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering. Reported by Matt Street and others of Cisco ASIG
  • Bug 3012 / CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY. Reported by Matthew Van Gundy of Cisco ASIG
  • Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked. Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
  • Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos. Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG
  • Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY. Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG.
  • Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken. Reported by Michael Tatarinov, NTP Project Developer Volunteer
  • Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks. Reported by Jonathan Gardner of Cisco ASIG
  • Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing. Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.

Discovery 2016-04-26
Entry 2016-04-27
Modified 2016-08-09
ntp
< 4.2.8p7

ntp-devel
< 4.3.92

FreeBSD
ge 10.3 lt 10.3_1

ge 10.2 lt 10.2_15

ge 10.1 lt 10.1_32

ge 9.3 lt 9.3_40

SA-16:16.ntp
CVE-2015-7704
CVE-2015-8138
CVE-2016-1547
CVE-2016-1548
CVE-2016-1549
CVE-2016-1550
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
b4578647-c12b-11e5-96d6-14dae9d210b8  bind -- denial of service vulnerability

ISC reports:

Specific APL data could trigger an INSIST in apl_42.c.


Discovery 2016-01-19
Entry 2016-01-22
Modified 2016-08-09
bind99
< 9.9.8P3

bind910
< 9.10.3P3

FreeBSD
ge 9.3 lt 9.3_35

https://kb.isc.org/article/AA-01335
CVE-2015-8704
SA-16:08.bind
b72bad1c-20ed-11e3-be06-000c29ee3065  FreeBSD -- Cross-mount links between nullfs(5) mounts

Problem Description:

The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the underlying (source) filesystem is the same.

Impact:

If multiple nullfs views into the same filesystem are mounted in different locations, a user with read access to one of these views and write access to another will be able to create a hard link from the latter to a file in the former, even though they are, from the user's perspective, different filesystems. The user may thereby gain write access to files which are nominally on a read-only filesystem.


Discovery 2013-09-10
Entry 2013-09-19
Modified 2016-08-09
FreeBSD
ge 9.1 lt 9.1_7

ge 8.4 lt 8.4_4

ge 8.3 lt 8.3_11

CVE-2013-5710
SA-13:13.nullfs
bfb36941-84fa-11d8-a41f-0020ed76ef5a  Incorrect cross-realm trust handling in Heimdal

Heimdal does not correctly validate the `transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path.


Discovery 2004-04-01
Entry 2004-04-02
Modified 2004-05-05
heimdal
< 0.6.1

FreeBSD
ge 5.0 lt 5.2_6

ge 4.9 lt 4.9_6

ge 4.0 lt 4.8_19

CVE-2004-0371
SA-04:08.heimdal
http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
c01a25f5-8f20-11da-8c1d-000e0c2e438a  texindex -- temporary file privilege escalation

Problem description

The "sort_offline" function used by texindex(1) employs the "maketempname" function, which produces predictable file names and fails to validate that the paths do not exist.

Impact

These predictable temporary file names are problematic because they allow an attacker to take advantage of a race condition in order to execute a symlink attack, which could enable them to overwrite files on the system in the context of the user running the texindex(1) utility.

Workaround

No workaround is available, but the problematic code is only executed if the input file being processed is 500kB or more in length; as a result, users working with documents of less than several hundred pages are very unlikely to be affected.


Discovery 2006-01-11
Entry 2006-01-27
FreeBSD
ge 6.0 lt 6.0_2

ge 5.4 lt 5.4_9

ge 5.3 lt 5.3_24

ge 4.11 lt 4.11_14

ge 4.10 lt 4.10_20

14854
CAN-2005-3011
SA-06:01.texindex
c2576e14-36e2-11e9-9eda-206a8a720317  ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet

Network Time Foundation reports:

A crafted malicious authenticated mode 6 (ntpq) packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd.

Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets from, and must use a private key that is specifically listed as being used for mode 6 authorization.

Impact: The ntpd daemon can crash due to the NULL pointer dereference, causing a denial of service.

Mitigation:

  • Use restrict noquery to limit addresses that can send mode 6 queries.
  • Limit access to the private controlkey in ntp.keys.
  • Upgrade to 4.2.8p13, or later.

Discovery 2019-01-15
Entry 2019-03-07
Modified 2019-07-30
ntp
< 4.2.8p13

FreeBSD
ge 12.0 lt 12.0_2

ge 11.2 lt 11.2_8

http://bugs.ntp.org/3565
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8936
https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:M/C:N/I:N/A:C)
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2019-8936
SA-19:04.ntp
c4a18a12-77fc-11e5-a687-206a8a720317  ntp -- 13 low- and medium-severity vulnerabilities

ntp.org reports:

NTF's NTP Project has been notified of the following 13 low- and medium-severity vulnerabilities that are fixed in ntp-4.2.8p4, released on Wednesday, 21 October 2015:

  • Bug 2941 CVE-2015-7871 NAK to the Future: Symmetric association authentication bypass via crypto-NAK (Cisco ASIG)
  • Bug 2922 CVE-2015-7855 decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (IDA)
  • Bug 2921 CVE-2015-7854 Password Length Memory Corruption Vulnerability. (Cisco TALOS)
  • Bug 2920 CVE-2015-7853 Invalid length data provided by a custom refclock driver could cause a buffer overflow. (Cisco TALOS)
  • Bug 2919 CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability. (Cisco TALOS)
  • Bug 2918 CVE-2015-7851 saveconfig Directory Traversal Vulnerability. (OpenVMS) (Cisco TALOS)
  • Bug 2917 CVE-2015-7850 remote config logfile-keyfile. (Cisco TALOS)
  • Bug 2916 CVE-2015-7849 trusted key use-after-free. (Cisco TALOS)
  • Bug 2913 CVE-2015-7848 mode 7 loop counter underrun. (Cisco TALOS)
  • Bug 2909 CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC. (Tenable)
  • Bug 2902 : CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally. (RedHat)
  • Bug 2901 : CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field. (Boston University)
  • Bug 2899 : CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks. (Tenable)

The only generally-exploitable bug in the above list is the crypto-NAK bug, which has a CVSS2 score of 6.4.

Additionally, three bugs that have already been fixed in ntp-4.2.8 but were not fixed in ntp-4.2.6 as it was EOL'd have a security component, but are all below 1.8 CVSS score, so we're reporting them here:

  • Bug 2382 : Peer precision < -31 gives division by zero
  • Bug 1774 : Segfaults if cryptostats enabled when built without OpenSSL
  • Bug 1593 : ntpd abort in free() with logconfig syntax error

Discovery 2015-10-21
Entry 2015-10-21
Modified 2016-08-09
ntp
< 4.2.8p4

ntp-devel
< 4.3.76

FreeBSD
ge 10.2 lt 10.2_7

ge 10.1 lt 10.1_24

ge 9.3 lt 9.3_30

SA-15:25.ntp
CVE-2015-7691
CVE-2015-7692
CVE-2015-7701
CVE-2015-7702
CVE-2015-7703
CVE-2015-7704
CVE-2015-7705
CVE-2015-7848
CVE-2015-7849
CVE-2015-7850
CVE-2015-7851
CVE-2015-7852
CVE-2015-7853
CVE-2015-7854
CVE-2015-7855
CVE-2015-7871
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3  several security issues in sqlite3

sqlite3 update:

Various security issues could be used by an attacker to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

  • CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
  • CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
  • CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
  • CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
  • CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
  • CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

Discovery 2020-05-25
Entry 2020-06-10
Modified 2020-08-06
sqlite3
< 3.32.2,1

FreeBSD
ge 12.1 lt 12.1_8

ge 11.4 lt 11.4_2

ge 11.3 lt 11.3_12

https://nvd.nist.gov/vuln/detail/CVE-2020-11655
CVE-2020-11655
https://nvd.nist.gov/vuln/detail/CVE-2020-13434
CVE-2020-13434
https://nvd.nist.gov/vuln/detail/CVE-2020-13435
CVE-2020-13435
https://nvd.nist.gov/vuln/detail/CVE-2020-13630
CVE-2020-13630
https://nvd.nist.gov/vuln/detail/CVE-2020-13631
CVE-2020-13631
https://nvd.nist.gov/vuln/detail/CVE-2020-13632
CVE-2020-13632
SA-20:22.sqlite
c4b025bb-f05d-11d8-9837-000c41e2cdad  tnftpd -- remotely exploitable vulnerability

lukemftpd(8) is an enhanced BSD FTP server produced within the NetBSD project. The sources for lukemftpd are shipped with some versions of FreeBSD, however it is not built or installed by default. The build system option WANT_LUKEMFTPD must be set to build and install lukemftpd. [NOTE: An exception is FreeBSD 4.7-RELEASE, wherein lukemftpd was installed, but not enabled, by default.]

Przemyslaw Frasunek discovered several vulnerabilities in lukemftpd arising from races in the out-of-band signal handling code used to implement the ABOR command. As a result of these races, the internal state of the FTP server may be manipulated in unexpected ways.

A remote attacker may be able to cause FTP commands to be executed with the privileges of the running lukemftpd process. This may be a low-privilege `ftp' user if the `-r' command line option is specified, or it may be superuser privileges if `-r' is *not* specified.


Discovery 2004-08-17
Entry 2004-08-17
Modified 2016-08-11
tnftpd
< 20040810

lukemftpd
ge 0

FreeBSD
le 4.7

CVE-2004-0794
10967
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc
http://lists.netsys.com/pipermail/full-disclosure/2004-August/025418.html
c5c17ead-8f23-11da-8c1d-000e0c2e438a  cvsbug -- race condition

Problem description

A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file. While cvsbug(1) is based on the send-pr(1) utility, this problem does not exist in the version of send-pr(1) distributed with FreeBSD.

In FreeBSD 4.10 and 5.3, some additional problems exist concerning temporary file usage in both cvsbug(1) and send-pr(1).

Impact

A local attacker could cause data to be written to any file to which the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has write access. This may cause damage in itself (e.g., by destroying important system files or documents) or may be used to obtain elevated privileges.

Workaround

Do not use the cvsbug(1) utility on any system with untrusted users.

Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with untrusted users.


Discovery 2005-09-07
Entry 2006-01-27
Modified 2006-11-08
FreeBSD
ge 5.4 lt 5.4_7

ge 5.3 lt 5.3_22

ge 4.11 lt 4.11_12

ge 4.10 lt 4.10_18

cvs+ipv6
< 1.11.17_1

CAN-2005-2693
SA-05:20.cvsbug
c611be81-fbc2-11da-9156-000e0c2e438a  sendmail -- Incorrect multipart message handling

Problem Description

A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage.

Impact

An attacker able to send mail to, or via, a server can cause queued messages on the system to not be delivered, by causing the sendmail process which handles queued messages to crash. Note that this will not stop new messages from entering the queue (either from local processes, or incoming via SMTP).

Workaround

No workaround is available, but systems which do not receive email from untrusted sources are not vulnerable.


Discovery 2006-06-14
Entry 2006-06-14
FreeBSD
ge 4.11 lt 4.11_19

ge 5.3 lt 5.3_31

ge 5.4 lt 5.4_16

ge 5.5 lt 5.5_2

ge 6.0 lt 6.0_9

ge 6.1 lt 6.1_2

CVE-2006-1173
SA-06:17.sendmail
c702944a-db0f-11dd-aa56-000bcdf0a03b  FreeBSD -- netgraph / bluetooth privilege escalation

Problem Description:

Some function pointers for netgraph and bluetooth sockets are not properly initialized.

Impact:

A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.

Workaround:

No workaround is available, but systems without local untrusted users are not vulnerable. Furthermore, systems are not vulnerable if they have neither the ng_socket nor ng_bluetooth kernel modules loaded or compiled into the kernel.

Systems with the security.jail.socket_unixiproute_only sysctl set to 1 (the default) are only vulnerable if they have local untrusted users outside of jails.

If the command

# kldstat -v | grep ng_

produces no output, the system is not vulnerable.


Discovery 2008-12-23
Entry 2009-01-05
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_7

ge 6.4 lt 6.4_1

ge 7.0 lt 7.0_7

SA-08:13.protosw
c8d902b1-8550-11e6-81e7-d050996490d0  BIND -- Remote Denial of Service vulnerability

ISC reports:

Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.


Discovery 2016-09-27
Entry 2016-09-28
Modified 2016-10-10
bind99
< 9.9.9P3

bind910
< 9.10.4P3

bind911
< 9.11.0.rc3

bind9-devel
< 9.12.0.a.2016.09.10

FreeBSD
ge 9.3 lt 9.3_48

CVE-2016-2776
SA-16:28.bind
https://kb.isc.org/article/AA-01419
c9075321-f483-11e5-92ce-002590263bf5  bind -- denial of service vulnerability

ISC reports:

An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c.


Discovery 2016-03-09
Entry 2016-03-28
Modified 2016-08-09
bind98
le 9.8.8

bind99
ge 9.9.0 lt 9.9.8P4

bind910
ge 9.10.0 lt 9.10.3P4

bind9-devel
< 9.11.0.a20160309

FreeBSD
ge 9.3 lt 9.3_38

CVE-2016-1285
SA-16:13.bind
https://kb.isc.org/article/AA-01352
c93533a3-24f1-11e5-8b74-3c970e169bc2  bind -- denial of service vulnerability

ISC reports:

A very uncommon combination of zone data has been found that triggers a bug in BIND, with the result that named will exit with a "REQUIRE" failure in name.c when validating the data returned in answer to a recursive query.

A recursive resolver that is performing DNSSEC validation can be deliberately terminated by any attacker who can cause a query to be performed against a maliciously constructed zone. This will result in a denial of service to clients who rely on that resolver.


Discovery 2015-07-07
Entry 2015-07-07
Modified 2016-08-09
bind910
< 9.10.2P2

bind99
< 9.9.7P1

bind910-base
bind99-base
gt 0

FreeBSD
ge 9.3 lt 9.3_19

ge 8.4 lt 8.4_33

SA-15:11.bind
CVE-2015-4620
https://kb.isc.org/article/AA-01267/
c9d2e361-32fb-11db-a6e2-000e0c2e438a  sppp -- buffer overflow vulnerability

Problem Description

While processing Link Control Protocol (LCP) configuration options received from the remote host, sppp(4) fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer.

Impact

An attacker able to send LCP packets, including the remote end of a sppp(4) connection, can cause the FreeBSD kernel to panic. Such an attacker may also be able to obtain sensitive information or gain elevated privileges.

Workaround

No workaround is available, but systems which do not use sppp(4) are not vulnerable.


Discovery 2006-08-23
Entry 2006-08-23
Modified 2006-08-30
FreeBSD
< 4.11_20

ge 5.3 lt 5.3_32

ge 5.4 lt 5.4_17

ge 5.5 lt 5.5_3

ge 6.0 lt 6.0_10

ge 6.1 lt 6.1_4

CVE-2006-4304
SA-06:18.ppp
cb252f01-7c43-11e3-b0a6-005056a37f68  bind -- denial of service vulnerability

ISC reports:

Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones.


Discovery 2014-01-08
Entry 2014-01-13
Modified 2016-08-09
bind99
< 9.9.4.2

bind99-base
< 9.9.4.2

bind98
< 9.8.6.2

bind98-base
< 9.8.6.2

bind96
< 9.6.3.2.ESV.R10.2

bind96-base
< 9.6.3.2.ESV.R10.2

FreeBSD
ge 9.2 lt 9.2_3

ge 9.1 lt 9.1_10

ge 8.4 lt 8.4_7

ge 8.3 lt 8.3_14

CVE-2014-0591
SA-14:04.bind
https://kb.isc.org/article/AA-01078/74/
cba246d2-f483-11e5-92ce-002590263bf5  bind -- denial of service vulnerability

ISC reports:

A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c.


Discovery 2016-03-09
Entry 2016-03-28
Modified 2016-08-09
bind98
le 9.8.8

bind99
ge 9.9.0 lt 9.9.8P4

bind910
ge 9.10.0 lt 9.10.3P4

bind9-devel
< 9.11.0.a20160309

FreeBSD
ge 9.3 lt 9.3_38

CVE-2016-1286
SA-16:13.bind
https://kb.isc.org/article/AA-01353
ce808022-8ee6-11e6-a590-14dae9d210b8  FreeBSD -- Heap overflow vulnerability in bspatch

Problem Description:

The implementation of bspatch is susceptible to integer overflows with carefully crafted input, potentially allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was partially addressed in FreeBSD-SA-16:25.bspatch, but some possible integer overflows remained.

Impact:

An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.


Discovery 2016-10-10
Entry 2016-10-10
FreeBSD
ge 11.0 lt 11.0_1

ge 10.3 lt 10.3_10

ge 10.2 lt 10.2_23

ge 10.1 lt 10.1_40

ge 9.3 lt 9.3_48

SA-16:29.bspatch
cf3b9a96-f7bb-11da-9156-000e0c2e438a  smbfs -- chroot escape

Problem Description

smbfs does not properly sanitize paths containing a backslash character; in particular the directory name '..\' is interpreted as the parent directory by the SMB/CIFS server, but smbfs handles it in the same manner as any other directory.

Impact

When inside a chroot environment which resides on a smbfs mounted file-system it is possible for an attacker to escape out of this chroot to any other directory on the smbfs mounted file-system.

Workaround

Mount the smbfs file systems that need to be used with chroot so that the chroot directory is exactly the mount point and not a subdirectory of it.


Discovery 2006-05-31
Entry 2006-06-09
FreeBSD
ge 4.10 lt 4.10_24

ge 4.11 lt 4.11_18

ge 5.3 lt 5.3_30

ge 5.4 lt 5.4_15

ge 5.5 lt 5.5_1

ge 6.0 lt 6.0_8

ge 6.1 lt 6.1_1

CVE-2006-2654
SA-06:16.smbfs
d2102505-f03d-11d8-81b0-000347a4fa7d  cvs -- numerous vulnerabilities

A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price.

  • Insufficient input validation while processing "Entry" lines. (CVE-2004-0414)
  • A double-free resulting from erroneous state handling while processing "Argumentx" commands. (CVE-2004-0416)
  • Integer overflow while processing "Max-dotdot" commands. (CVE-2004-0417)
  • Erroneous handling of empty entries handled while processing "Notify" commands. (CVE-2004-0418)
  • A format string bug while processing CVS wrappers.
  • Single-byte buffer underflows while processing configuration files from CVSROOT.
  • Various other integer overflows.

Additionally, iDEFENSE reports an undocumented command-line flag used in debugging does not perform input validation on the given path names.

CVS servers ("cvs server" or :pserver: modes) are affected by these vulnerabilities. They vary in impact but include information disclosure (the iDEFENSE-reported bug), denial-of-service (CVE-2004-0414, CVE-2004-0416, CVE-2004-0417 and other bugs), or possibly arbitrary code execution (CVE-2004-0418). In very special situations where the attacker may somehow influence the contents of CVS configuration files in CVSROOT, additional attacks may be possible.


Discovery 2004-05-20
Entry 2004-08-17
Modified 2004-09-19
cvs+ipv6
< 1.11.17

FreeBSD
ge 5.2 lt 5.2.1_10

ge 4.10 lt 4.10_3

ge 4.9 lt 4.9_12

ge 4.8 lt 4.8_25

SA-04:14.cvs
CVE-2004-0414
CVE-2004-0416
CVE-2004-0417
CVE-2004-0418
CVE-2004-0778
http://secunia.com/advisories/11817
http://secunia.com/advisories/12309
http://security.e-matters.de/advisories/092004.html
http://www.idefense.com/application/poi/display?id=130&type=vulnerabilities&flashstatus=false
https://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.104
http://www.osvdb.org/6830
http://www.osvdb.org/6831
http://www.osvdb.org/6832
http://www.osvdb.org/6833
http://www.osvdb.org/6834
http://www.osvdb.org/6835
http://www.osvdb.org/6836
10499
d22b336d-0567-11ec-b69d-4062311215d5  FreeBSD -- libfetch out of bounds read

Problem Description:

When handling the FTP passive-mode reply, libfetch uses strtol to parse the relevant numbers into address bytes but does not check whether the line ends prematurely. If it does, the for-loop condition checks for *p == '\0' one byte too late, because p++ was already performed, and the parser reads beyond the end of the line.

Impact:

A malicious FTP server controls the size of the connection buffer, because the buffer is grown until a newline is encountered (or no more characters are read). The server can thereby steer the buffer into more interesting areas of the address space, where the out-of-bounds read parses bytes of the attacker's choosing as address and port numbers. Since those bytes are then handed back to the server in the form of a new TCP connection to the constructed port number, or even as part of the IPv6 address, this is a potential information leak.
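The off-by-one described above, as an added illustration that is not libfetch's code: a parser for the six numbers of an RFC 959 "227 ... (h1,h2,h3,h4,p1,p2)" reply that steps over the separator before testing for end of line, beside a version that tests the separator first. The function names, the 32-byte buffer and the stale bytes placed behind the terminator are constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Buggy pattern (illustration, not libfetch's code): the loop increment
 * steps over the separator with "end + 1" and only then tests *p for the
 * end of the line. On a reply that ends early, end points at the NUL, p is
 * advanced one byte past it, and strtol() parses whatever follows the line
 * in the connection buffer.
 */
static int parse_pasv_numbers_buggy(const char *p, unsigned char out[6])
{
    char *end = NULL;
    int i;

    for (i = 0; *p != '\0' && i < 6; i++, p = end + 1) {
        long v = strtol(p, &end, 10);
        if (end == p || v < 0 || v > 255)
            return -1;
        out[i] = (unsigned char)v;
    }
    return 0;   /* reports success even if fewer than six numbers were read */
}

/* Checked version: the separator is examined before it is stepped over, so
 * a premature '\0' is caught while p still points at it. */
static int parse_pasv_numbers(const char *p, unsigned char out[6])
{
    char *end;
    int i;

    for (i = 0; i < 6; i++) {
        errno = 0;
        long v = strtol(p, &end, 10);
        if (end == p || errno != 0 || v < 0 || v > 255)
            return -1;          /* no digits (includes hitting '\0'), or out of range */
        out[i] = (unsigned char)v;
        p = end;
        if (i < 5) {
            if (*p != ',')
                return -1;      /* line ended early or contains junk */
            p++;
        }
    }
    return 0;
}

/* Turn "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" into a dotted quad
 * and a port. Returns 0 on success, -1 on a malformed or truncated reply. */
int pasv_reply_to_endpoint(const char *reply, char ip[16], unsigned *port)
{
    unsigned char n[6];
    const char *lp;

    if (strncmp(reply, "227", 3) != 0 || (lp = strchr(reply, '(')) == NULL)
        return -1;
    if (parse_pasv_numbers(lp + 1, n) != 0)
        return -1;
    snprintf(ip, 16, "%u.%u.%u.%u", (unsigned)n[0], (unsigned)n[1],
             (unsigned)n[2], (unsigned)n[3]);
    *port = (unsigned)n[4] * 256 + n[5];
    return 0;
}

/* Constructed input: a reply cut off after four numbers, with stale bytes
 * left in the buffer behind the terminator. The checked parser rejects it;
 * the buggy parser "succeeds" and builds a port from the stale bytes.
 * Returns 1 if the buggy parser accepted the line, with *port_out set. */
int buggy_parser_reads_past_terminator(unsigned *port_out)
{
    char buf[32];
    unsigned char n[6] = { 0 };

    memset(buf, 0, sizeof buf);
    strcpy(buf, "192,168,1,10");                    /* NUL lands at buf[12] */
    buf[13] = '9'; buf[14] = ','; buf[15] = '7';   /* bytes past the line */

    if (parse_pasv_numbers(buf, n) == 0)
        return -1;                                  /* checked parser must reject */
    if (parse_pasv_numbers_buggy(buf, n) != 0)
        return 0;
    *port_out = (unsigned)n[4] * 256 + n[5];        /* 9 * 256 + 7 */
    return 1;
}

int main(void)
{
    char ip[16];
    unsigned port;

    if (pasv_reply_to_endpoint("227 Entering Passive Mode (192,168,1,10,4,210)", ip, &port) == 0)
        printf("data connection to %s port %u\n", ip, port);
    if (buggy_parser_reads_past_terminator(&port) == 1)
        printf("buggy parser built port %u from bytes past the line\n", port);
    return 0;
}
```

The buggy variant reads within a buffer the example owns, so it runs without faulting; in a real client the bytes behind the terminator are whatever the server managed to place there by growing the buffer, which is the leak the advisory describes.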


Discovery 2021-08-24
Entry 2021-08-25
FreeBSD
ge 13.0 lt 13.0_4

ge 12.2 lt 12.2_10

ge 11.4 lt 11.4_13

CVE-2021-36159
SA-21:15.libfetch
d455708a-e3d3-11e6-9940-b499baebfeaf  OpenSSL -- multiple vulnerabilities

The OpenSSL project reports:

  • Truncated packet could crash via OOB read (CVE-2017-3731)
  • Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
  • BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
  • Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Discovery 2017-01-26
Entry 2017-01-26
Modified 2017-05-26
openssl
< 1.0.2k,1

openssl-devel
< 1.1.0d

linux-c6-openssl
< 1.0.1e_13

linux-c7-openssl-libs
< 1.0.1e_3

FreeBSD
ge 11.0 lt 11.0_8

ge 10.3 lt 10.3_17

https://www.openssl.org/news/secadv/20170126.txt
CVE-2016-7055
CVE-2017-3730
CVE-2017-3731
CVE-2017-3732
SA-17:02.openssl
d4c7e9a9-d893-11e6-9b4d-d050996490d0  BIND -- multiple vulnerabilities

ISC reports:

A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache.

Depending on the type of query and the EDNS options in the query they receive, DNSSEC-enabled authoritative servers are expected to include RRSIG and other RRsets in their responses to recursive servers. DNSSEC-validating servers will also make specific queries for DS and other RRsets. Whether DNSSEC-validating or not, an error in processing malformed query responses that contain DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response can trigger an assertion failure. Although the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer.

An unusually-formed answer containing a DS resource record could trigger an assertion failure. While the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties.

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes.


Discovery 2017-01-11
Entry 2017-01-12
bind99
< 9.9.9P5

bind910
< 9.10.4P5

bind911
< 9.11.0P2

bind9-devel
le 9.12.0.a.2016.12.28

FreeBSD
ge 9.3 lt 10.0

CVE-2016-9131
CVE-2016-9147
CVE-2016-9444
CVE-2016-9778
https://kb.isc.org/article/AA-01439/0
https://kb.isc.org/article/AA-01440/0
https://kb.isc.org/article/AA-01441/0
https://kb.isc.org/article/AA-01442/0
d7c1d00d-9d2e-11da-8c1d-000e0c2e438a  ipfw -- IP fragment denial of service

Problem description:

The firewall maintains a pointer to layer 4 header information for the case in which it needs to send a TCP reset or ICMP error message when discarding a packet. Due to incorrect handling of IP fragments, this pointer is not initialized.

Impact:

An attacker can cause the firewall to crash by sending ICMP IP fragments to or through firewalls which match any reset, reject or unreach actions.

Workaround:

Change any reset, reject or unreach actions to deny. It should be noted that this will result in packets being silently discarded.


Discovery 2006-01-11
Entry 2006-02-14
Modified 2016-08-09
FreeBSD
ge 6.0 lt 6.0_2

CVE-2006-0054
SA-06:04.ipfw
dade3316-9d31-11da-8c1d-000e0c2e438a  IEEE 802.11 -- buffer overflow

Problem description:

An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer.

Impact:

An attacker able to broadcast a carefully crafted beacon or probe response frame may be able to execute arbitrary code within the context of the FreeBSD kernel on any system scanning for wireless networks.

Workaround:

No workaround is available, but systems without IEEE 802.11 hardware or drivers loaded are not vulnerable.


Discovery 2006-01-18
Entry 2006-02-14
Modified 2016-08-09
FreeBSD
ge 6.0 lt 6.0_3

CVE-2006-0226
SA-06:05.80211
dfb71c00-9d44-11da-8c1d-000e0c2e438a  FreeBSD -- Infinite loop in SACK handling

Problem description:

When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop.

Impact:

By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service.

Workaround:

On FreeBSD 5.4, the net.inet.tcp.sack.enable sysctl can be used to disable the use of SACK:

# sysctl net.inet.tcp.sack.enable=0

No workaround is available for FreeBSD 5.3.


Discovery 2006-02-01
Entry 2006-02-14
Modified 2016-08-09
FreeBSD
ge 5.4 lt 5.4_11

ge 5.3 lt 5.3_26

CVE-2006-0433
SA-06:08.sack
dfe0cdc1-baf2-11e5-863a-b499baebfeaf  openssh -- information disclosure

OpenSSH reports:

OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user's private keys.


Discovery 2016-01-14
Entry 2016-01-14
Modified 2016-08-09
openssh-portable
gt 5.4.p0,1 lt 7.1.p2,1

FreeBSD
ge 10.2 lt 10.2_10

ge 10.1 lt 10.1_27

ge 9.3 lt 9.3_34

http://www.openssh.com/security.html
CVE-2016-0777
CVE-2016-0778
SA-16:07
e00304d2-bbed-11e6-b1cf-14dae9d210b8  FreeBSD -- Possible login(1) argument injection in telnetd(8)

Problem Description:

An unexpected sequence of memory allocation failures combined with insufficient error checking could result in the construction and execution of an argument sequence that was not intended.

Impact:

An attacker who controls the sequence of memory allocation failures and success may cause login(1) to run without authentication and may be able to cause misbehavior of login(1) replacements.

No practical way of controlling these memory allocation failures is known at this time.


Discovery 2016-12-06
Entry 2016-12-06
FreeBSD
ge 11.0 lt 11.0_4

ge 10.3 lt 10.3_13

ge 10.2 lt 10.2_26

ge 10.1 lt 10.1_43

ge 9.3 lt 9.3_51

CVE-2016-1888
SA-16:36.telnetd
e2748c9d-3483-11eb-b87a-901b0ef719ab  FreeBSD -- Multiple vulnerabilities in rtsold

Problem Description:

Two bugs exist in rtsold(8)'s RDNSS and DNSSL option handling. First, rtsold(8) failed to perform sufficient bounds checking on the extent of the option. In particular, it does not verify that the option does not extend past the end of the received packet before processing its contents. The kernel currently ignores such malformed packets but still passes them to userspace programs.

Second, when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.

Impact:

It is believed that these bugs could be exploited to gain remote code execution within the rtsold(8) daemon, which runs as root. Note that rtsold(8) only processes messages received from hosts attached to the same physical link as the interface(s) on which rtsold(8) is listening.

In FreeBSD 12.2 rtsold(8) runs in a Capsicum sandbox, limiting the scope of a compromised rtsold(8) process.
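A bounds-checked decoder for the DNSSL option format discussed above, added here as an example and not rtsold(8)'s code. It applies both checks the advisory calls for: the option length (type 31, length in units of 8 octets, as in RFC 8106) is tested against the bytes actually remaining in the packet before anything inside the option is read, and each RFC 1035 label length is tested against the option extent and the destination buffer before the label is copied. The function names and the option bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ND_OPT_DNSSL    31    /* option type, RFC 8106 */
#define DNSSL_MAX_NAME  255   /* RFC 1035 limit on a domain name */

/* Decode one RFC 1035 wire-format name starting at opt[*off] into dst as
 * dotted text. Every length is checked against both the option extent and
 * the destination before a byte is copied. Returns 0, or -1 on malformed input. */
static int decode_name(const uint8_t *opt, size_t optlen, size_t *off,
                       char *dst, size_t dstlen)
{
    size_t pos = *off, dpos = 0;

    for (;;) {
        if (pos >= optlen)
            return -1;                          /* name runs past the option */
        uint8_t len = opt[pos++];
        if (len == 0)
            break;                              /* root label: end of name */
        if (len > 63)
            return -1;                          /* compression/extended labels not valid here */
        if (len > optlen - pos)
            return -1;                          /* label runs past the option */
        if (dpos + len + 1 >= dstlen)
            return -1;                          /* would overflow dst ('.' + label + NUL) */
        if (dpos > 0)
            dst[dpos++] = '.';
        memcpy(dst + dpos, opt + pos, len);     /* copy only after all checks passed */
        dpos += len;
        pos += len;
    }
    dst[dpos] = '\0';
    *off = pos;
    return 0;
}

/* Parse a DNSSL option at `opt` with `pktlen` bytes remaining in the packet.
 * Fills up to `maxnames` names and the lifetime. Returns the number of names
 * decoded, or -1 if any length field is inconsistent with the data present. */
int parse_dnssl(const uint8_t *opt, size_t pktlen,
                char names[][DNSSL_MAX_NAME + 1], size_t maxnames, uint32_t *lifetime)
{
    if (pktlen < 8 || opt[0] != ND_OPT_DNSSL)
        return -1;
    size_t optlen = (size_t)opt[1] * 8;
    if (optlen < 8 || optlen > pktlen)
        return -1;                              /* option extends past the received packet */
    *lifetime = ((uint32_t)opt[4] << 24) | ((uint32_t)opt[5] << 16) |
                ((uint32_t)opt[6] << 8) | (uint32_t)opt[7];

    size_t pos = 8, n = 0;
    while (pos < optlen && opt[pos] != 0) {     /* a zero octet here is padding */
        if (n >= maxnames)
            return -1;
        if (decode_name(opt, optlen, &pos, names[n], DNSSL_MAX_NAME + 1) != 0)
            return -1;
        n++;
    }
    return (int)n;
}

/* Constructed option: length 5 (40 octets), lifetime 3600, names
 * "example.com" and "corp.example", zero padding to the end. */
static const uint8_t good_opt[40] = {
    ND_OPT_DNSSL, 5, 0, 0,
    0, 0, 0x0e, 0x10,
    7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0,
    4, 'c','o','r','p', 7, 'e','x','a','m','p','l','e', 0,
};

/* Constructed option: a label claiming 60 octets inside a 16-octet option. */
static const uint8_t bad_label[16] = {
    ND_OPT_DNSSL, 2, 0, 0, 0, 0, 0, 0,
    60, 'a','b','c','d','e','f','g',
};
```

The two malformed cases the test exercises are the advisory's two bugs: passing `good_opt` with a `pktlen` shorter than its declared length models an option that claims more bytes than the packet carries, and `bad_label` models a label length that is larger than what remains of the option.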


Discovery 2020-12-01
Entry 2020-12-02
FreeBSD
ge 12.2 lt 12.2_1

ge 12.1 lt 12.1_11

ge 11.4 lt 11.4_5

CVE-2020-25577
SA-20:32.rtsold
e289f7fd-88ac-11d8-90d1-0020ed76ef5a  many out-of-sequence TCP packets denial-of-service

FreeBSD does not limit the number of TCP segments that may be held in a reassembly queue. A remote attacker may conduct a low-bandwidth denial-of-service attack against a machine providing services based on TCP (there are many such services, including HTTP, SMTP, and FTP). By sending many out-of-sequence TCP segments, the attacker can cause the target machine to consume all available memory buffers ("mbufs"), likely leading to a system crash.


Discovery 2004-02-18
Entry 2004-04-07
Modified 2004-05-05
FreeBSD
ge 5.2 lt 5.2.1_2

ge 5.0 lt 5.1_15

ge 4.9 lt 4.9_3

ge 4.8 lt 4.8_16

< 4.7_26

CVE-2004-0171
SA-04:04.tcp
http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities
e4644df8-e7da-11e5-829d-c80aa9043978  openssh -- command injection when X11Forwarding is enabled

The OpenSSH project reports:

Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).

Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege. Other xauth commands allow limited information leakage, file overwrite, port probing and generally expose xauth(1), which was not written with a hostile user in mind, as an attack surface.

Mitigation:

Set X11Forwarding=no in sshd_config. This is the default.

For authorized_keys that specify a "command" restriction, also set the "restrict" (available in OpenSSH >=7.2) or "no-x11-forwarding" restrictions.


Discovery 2016-03-11
Entry 2016-03-11
Modified 2016-08-09
openssh-portable
< 7.2.p2,1

FreeBSD
ge 10.2 lt 10.2_14

ge 10.1 lt 10.1_31

ge 9.3 lt 9.3_39

http://www.openssh.com/txt/x11fwd.adv
CVE-2016-3115
SA-16:14.openssh
e500b9bf-ca3e-11df-aade-0050568f000c    FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation

Problem Description:

If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag.


Discovery 2010-01-06
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_15

ge 6.4 lt 6.4_9

ge 7.1 lt 7.1_10

ge 7.2 lt 7.2_6

ge 8.0 lt 8.0_2

SA-10:01.bind
e50a7476-bb2d-11da-b2fb-000e0c2e438a    ipsec -- replay attack vulnerability

Problem Description

IPsec provides an anti-replay service which when enabled prevents an attacker from successfully executing a replay attack. This is done through the verification of sequence numbers. A programming error in the fast_ipsec(4) implementation results in the sequence number associated with a Security Association not being updated, allowing packets to unconditionally pass sequence number verification checks.

Impact

An attacker able to intercept IPSec packets can replay them. If higher level protocols which do not provide any protection against packet replays (e.g., UDP) are used, this may have a variety of effects.

Workaround

No workaround is available.


Discovery 2006-03-22
Entry 2006-03-24
Modified 2006-06-09
FreeBSD
ge 6.0 lt 6.0_6

ge 5.4 lt 5.4_13

ge 5.3 lt 5.3_28

ge 4.11 lt 4.11_16

ge 4.10 lt 4.10_22

CVE-2006-0905
SA-06:11.ipsec
e51d5b1a-4638-11e1-9f47-00e0815b8da8    FreeBSD -- pam_ssh() does not validate service names

Problem Description:

Some third-party applications, including KDE's kcheckpass command, allow the user to specify the name of the policy on the command line. Since OpenPAM treats the policy name as a path relative to /etc/pam.d or /usr/local/etc/pam.d, users who are permitted to run such an application can craft their own policies and cause the application to load and execute their own modules.


Discovery 2011-12-23
Entry 2012-01-29
FreeBSD
ge 7.3 lt 7.3_9

ge 7.4 lt 7.4_5

ge 8.1 lt 8.1_7

ge 8.2 lt 8.2_5

SA-11:10.pam
CVE-2011-4122
e66a6e2f-b0d5-11e2-9164-0016e6dcb562    FreeBSD -- NFS remote denial of service

Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory.


Discovery 2013-04-21
Entry 2013-04-29
Modified 2016-08-09
FreeBSD
ge 8.3 lt 8.3_8

ge 9.1 lt 9.1_3

CVE-2013-3266
SA-13:05.nfsserver
e722e3c6-bbee-11e6-b1cf-14dae9d210b8    FreeBSD -- bhyve(8) virtual machine escape

Problem Description:

The bounds checking of accesses to guest memory greater than 4GB by device emulations is subject to integer overflow.

Impact:

For a bhyve virtual machine with more than 3GB of guest memory configured, a malicious guest could craft device descriptors that could give it access to the heap of the bhyve process. Since the bhyve process is running as root, this may allow guests to obtain full control of the hosts they're running on.


Discovery 2016-12-06
Entry 2016-12-06
FreeBSD
ge 11.0 lt 11.0_4

ge 10.3 lt 10.3_13

ge 10.2 lt 10.2_26

ge 10.1 lt 10.1_43

CVE-2016-1889
SA-16:38.bhyve
e7dcd69d-8ee6-11e6-a590-14dae9d210b8    FreeBSD -- Multiple portsnap vulnerabilities

Problem Description:

Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files.

Impact:

An attacker who can conduct man in the middle attack on the network at the time when portsnap is run can cause portsnap to execute arbitrary commands under the credentials of the user who runs portsnap, typically root.


Discovery 2016-10-10
Entry 2016-10-10
FreeBSD
ge 11.0 lt 11.0_1

ge 10.3 lt 10.3_10

ge 10.2 lt 10.2_23

ge 10.1 lt 10.1_40

ge 9.3 lt 9.3_48

SA-16:30.portsnap
e93bc5b0-bb2e-11da-b2fb-000e0c2e438a    OPIE -- arbitrary password change

Problem Description

The opiepasswd(1) program uses getlogin(2) to identify the user calling opiepasswd(1). In some circumstances getlogin(2) will return "root" even when running as an unprivileged user. This causes opiepasswd(1) to allow an unprivileged user to configure OPIE authentication for the root user.

Impact

In certain cases an attacker able to run commands as a non-privileged user which has not explicitly logged in, for example CGI scripts run by a web server, is able to configure OPIE access for the root user. If the attacker is able to authenticate as root using OPIE authentication, for example if "PermitRootLogin" is set to "yes" in sshd_config or the attacker has access to a local user in the "wheel" group, the attacker can gain root privileges.

Workaround

Disable OPIE authentication in PAM:

# sed -i "" -e /opie/s/^/#/ /etc/pam.d/*

or

Remove the setuid bit from opiepasswd:

# chflags noschg /usr/bin/opiepasswd
# chmod 555 /usr/bin/opiepasswd
# chflags schg /usr/bin/opiepasswd

Discovery 2006-03-22
Entry 2006-03-24
Modified 2006-06-09
FreeBSD
ge 6.0 lt 6.0_6

ge 5.4 lt 5.4_13

ge 5.3 lt 5.3_28

ge 4.11 lt 4.11_16

ge 4.10 lt 4.10_22

CVE-2006-1283
SA-06:12.opie
e9ecaceb-db0d-11dd-aa56-000bcdf0a03b    FreeBSD -- Cross-site request forgery in ftpd(8)

Problem Description:

The ftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command.

Impact:

This could, with a specifically crafted command, be used in a cross-site request forgery attack.

FreeBSD systems running the ftpd(8) server could act as a point of privilege escalation in an attack against users using a web browser to access trusted FTP sites.

Workaround:

No workaround is available, but systems not running FTP servers are not vulnerable. Systems not running the FreeBSD ftp(8) server are not affected, but users of other ftp daemons are advised to take care since several other ftp daemons are known to have related bugs.


Discovery 2008-12-23
Entry 2009-01-05
Modified 2016-08-09
FreeBSD
ge 6.3 lt 6.3_7

ge 6.4 lt 6.4_1

ge 7.0 lt 7.0_7

CVE-2008-4247
SA-08:12.ftpd
ea05c456-a4fd-11ec-90de-1c697aa5a594    OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates

The OpenSSL project reports:

Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.

Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.

Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.

Thus vulnerable situations include:

  • TLS clients consuming server certificates
  • TLS servers consuming client certificates
  • Hosting providers taking certificates or private keys from customers
  • Certificate authorities parsing certification requests from subscribers
  • Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue.


Discovery 2022-03-15
Entry 2022-03-16
Modified 2022-03-16
openssl
< 1.1.1n,1

openssl-devel
< 3.0.2

openssl-quictls
< 3.0.2

libressl
< 3.4.3

libressl-devel
< 3.5.1

FreeBSD
ge 13.0 lt 13.0_8

ge 12.3 lt 12.3_3

ge 12.2 lt 12.2_14

CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
SA-22:03.openssl
eaf3b255-5245-11e5-9ad8-14dae9d210b8    bind -- denial of service vulnerability

ISC reports:

Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately malformed key.


Discovery 2015-08-19
Entry 2015-09-03
Modified 2016-08-09
bind99
< 9.9.7P3

bind910
ge 9.10.2 lt 9.10.2P4

bind910-base
bind99-base
gt 0

FreeBSD
ge 9.3 lt 9.3_25

https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/
CVE-2015-5722
SA-15:23.bind
ebd84c96-dd7e-11e4-854e-3c970e169bc2    ntp -- multiple vulnerabilities

ntp.org reports:

  • [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
  • [Sec 2781] Authentication doesn't protect symmetric associations against DoS attacks.

Discovery 2015-04-07
Entry 2015-04-07
ntp
< 4.2.8p2

ntp-devel
< 4.3.14

FreeBSD
ge 10.1 lt 10.1_9

ge 9.3 lt 9.3_13

ge 8.4 lt 8.4_27

SA-15:07.ntp
CVE-2015-1798
CVE-2015-1799
http://archive.ntp.org/ntp4/ChangeLog-stable
eda151d8-4638-11e1-9f47-00e0815b8da8    FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys

Problem Description:

The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pam_ssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate themselves by providing a dummy passphrase.


Discovery 2011-12-23
Entry 2012-01-29
Modified 2013-06-18
FreeBSD
ge 7.3 lt 7.3_9

ge 7.4 lt 7.4_5

ge 8.1 lt 8.1_7

ge 8.2 lt 8.2_5

SA-11:09.pam_ssh
ef3306fc-8f9b-11db-ab33-000e0c2e438a    bind9 -- Denial of Service in named(8)

Problem Description

For a recursive DNS server, a remote attacker sending enough recursive queries for the replies to arrive after all the interested clients have left the recursion queue will trigger an INSIST failure in the named(8) daemon. Also for a recursive DNS server, an assertion failure can occur when processing a query whose reply will contain more than one SIG(covered) RRset.

For an authoritative DNS server serving an RFC 2535 DNSSEC zone which is queried for the SIG records where there are multiple SIG(covered) RRsets (e.g. a zone apex), named(8) will trigger an assertion failure when it tries to construct the response.

Impact

An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRset, can stop the functionality of the DNS service.

An attacker querying an authoritative DNS server serving an RFC 2535 DNSSEC zone may be able to crash the DNS server.

Workaround

A possible workaround is to only allow trusted clients to perform recursive queries.


Discovery 2006-09-06
Entry 2006-12-19
Modified 2016-08-09
FreeBSD
ge 6.1 lt 6.1_6

ge 6.0 lt 6.0_11

ge 5.5 lt 5.5_4

ge 5.4 lt 5.4_18

ge 5.0 lt 5.3_33

bind9
ge 9.0 lt 9.3.2.1

CVE-2006-4095
CVE-2006-4096
SA-06:20.bind
f04cc5cb-2d0b-11d8-beaf-000a95c4d922    bind8 negative cache poison attack

A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS.


Discovery 2003-11-28
Entry 2003-12-12
Modified 2004-05-05
bind
ge 8.3 lt 8.3.7

ge 8.4 lt 8.4.3

FreeBSD
ge 5.1 lt 5.1_11

ge 5.0 lt 5.0_19

ge 4.9 lt 4.9_1

ge 4.8 lt 4.8_14

ge 4.7 lt 4.7_24

ge 4.6 lt 4.6.2_27

ge 4.5 lt 4.5_37

< 4.4_47

CVE-2003-0914
SA-03:19.bind
734644
f115f693-36b2-11e2-a633-902b343deec9    FreeBSD -- Insufficient message length validation for EAP-TLS messages

Problem description:

The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages.


Discovery 2012-11-22
Entry 2012-11-24
FreeBSD
ge 8.3 lt 8.3_5

ge 9.0 lt 9.0_5

SA-12:07.hostapd
CVE-2012-4445
f56390a4-4638-11e1-9f47-00e0815b8da8    FreeBSD -- Buffer overflow in handling of UNIX socket addresses

Problem Description:

When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address is returned via other system calls, it is copied into a fixed-length buffer.

Linux uses a larger socket address structure for UNIX-domain sockets than FreeBSD, and FreeBSD's Linux emulation code did not translate UNIX-domain socket addresses into the correct size of structure.


Discovery 2011-09-28
Entry 2012-01-29
FreeBSD
ge 7.3 lt 7.3_8

ge 7.4 lt 7.4_4

ge 8.1 lt 8.1_6

ge 8.2 lt 8.2_4

SA-11:05.unix
f62bba56-b309-11e9-a87f-a4badb2f4699    FreeBSD -- iconv buffer overflow

Problem Description:

With certain inputs, iconv may write beyond the end of the output buffer.

Impact:

Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library function and the nature of possible attacks will depend on the way in which iconv is used by applications or daemons.


Discovery 2019-07-02
Entry 2019-07-30
FreeBSD
ge 12.0 lt 12.0_7

ge 11.2 lt 11.2_11

CVE-2019-5600
SA-19:09.iconv
f6eb2279-ca3f-11df-aade-0050568f000c    FreeBSD -- Insufficient environment sanitization in jail(8)

Problem Description:

The jail(8) utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants.


Discovery 2010-05-27
Entry 2010-10-24
Modified 2016-08-09
FreeBSD
ge 8.0 lt 8.0_3

SA-10:04.jail
f70f8860-e8ee-11d9-b875-0001020eed82    kernel -- ipfw packet matching errors with address tables

Problem Description

The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several concurrent table lookups. Due to insufficient locking, a cached result can become corrupted, which could cause some addresses to be incorrectly matched against a lookup table.

Impact

When lookup tables are used with ipfw, packets may on very rare occasions incorrectly match a lookup table. This could result in a packet being treated contrary to the defined packet filtering ruleset. For example, a packet may be allowed to pass through when it should have been discarded.

The problem can only occur on Symmetric Multi-Processor (SMP) systems, or on Uni Processor (UP) systems with the PREEMPTION kernel option enabled (not the default).

Workaround

a) Do not use lookup tables.

OR

b) Disable concurrent processing of packets in the network stack by setting the "debug.mpsafenet=0" tunable:

# echo "debug.mpsafenet=0" >> /boot/loader.conf


Discovery 2005-06-29
Entry 2005-06-29
Modified 2005-07-06
FreeBSD
ge 5.4 lt 5.4_3

CVE-2005-2019
SA-05:13.ipfw
f8551668-de09-4d7b-9720-f1360929df07    tcpdump ISAKMP payload handling remote denial-of-service

Chad Loder has discovered vulnerabilities in tcpdump's ISAKMP protocol handler. During an audit to repair these issues, Bill Fenner discovered some related problems.

These vulnerabilities may be used by an attacker to crash a running `tcpdump' process. They can only be triggered if the `-v' command line option is being used.

NOTE: the racoon ISAKMP/IKE daemon incorporates the ISAKMP protocol handler from tcpdump, and so is also affected by this issue.


Discovery 2004-03-12
Entry 2004-03-31
Modified 2016-08-11
tcpdump
< 3.8.3

racoon
< 20040408a

FreeBSD
< 5.2.1

http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525
http://www.rapid7.com/advisories/R7-0017.html
CVE-2004-0183
CVE-2004-0184
f8b46415-c264-11ea-8659-901b0ef719ab    FreeBSD -- posix_spawnp(3) buffer overflow

Problem Description:

posix_spawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread.

execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH environment variable.

Impact:

Long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of stack that was allocated, ultimately overflowing the heap-allocated stack with a direct copy of the value stored in PATH.


Discovery 2020-07-09
Entry 2020-07-10
FreeBSD
ge 11.4 lt 11.4_1

CVE-2020-7458
SA-20:18.posix_spawnp
f93be979-a992-11d8-aecc-000d610a3b12    cvs pserver remote heap buffer overflow

Due to a programming error in code used to parse data received from the client, malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's memory.

A malicious CVS client can exploit this to run arbitrary code on the server at the privilege level of the CVS server software.


Discovery 2004-05-02
Entry 2004-05-19
FreeBSD
ge 5.2 lt 5.2_7

ge 5.1 lt 5.1_17

ge 5.0 lt 5.0_21

ge 4.9 lt 4.9_8

ge 4.8 lt 4.8_21

ge 4.0 lt 4.7_27

CVE-2004-0396
SA-04:10.cvs
f95a9005-88ae-11d8-90d1-0020ed76ef5a    shmat reference counting bug

A programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented.

It may be possible to cause a shared memory segment to reference unallocated kernel memory, but remain valid. This could allow a local attacker to gain read or write access to a portion of kernel memory, resulting in sensitive information disclosure, bypass of access control mechanisms, or privilege escalation.


Discovery 2004-02-01
Entry 2004-04-07
Modified 2004-05-05
FreeBSD
ge 5.2 lt 5.2_2

ge 5.1 lt 5.1_14

ge 5.0 lt 5.0_20

ge 4.9 lt 4.9_2

ge 4.8 lt 4.8_15

< 4.7_25

CVE-2004-0114
SA-04:02.shmat
http://www.pine.nl/press/pine-cert-20040201.txt
fa6a4a69-03d1-11e9-be12-a4badb2f4699    FreeBSD -- bootpd buffer overflow

Problem Description:

Due to insufficient validation of network-provided data it may be possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow.

Impact:

It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.


Discovery 2018-12-19
Entry 2018-12-19
FreeBSD
ge 12.0 lt 12.0_1

ge 11.2 lt 11.2_7

CVE-2018-1716
SA-18:15.bootpd
fb5e227e-b8c6-11d8-b88c-000d610a3b12    jailed processes can manipulate host routing tables

A programming error results in a failure to verify that an attempt to manipulate routing tables originated from a non-jailed process.

Jailed processes running with superuser privileges could modify host routing tables. This could result in a variety of consequences including packets being sent via an incorrect network interface and packets being discarded entirely.


Discovery 2004-02-03
Entry 2004-06-07
FreeBSD
ge 4.9 lt 4.9_10

ge 4.8 lt 4.8_23

CVE-2004-0125
SA-04:12.jailroute
fbc8413f-2f7a-11de-9a3f-001b77d09812    FreeBSD -- remotely exploitable crash in OpenSSL

Problem Description

The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them.

Impact

An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of OpenSSL accessing invalid memory locations. This could be used by an attacker to crash a remote application.

Workaround

No workaround is available, but applications which do not use the ASN1_STRING_print_ex function (either directly or indirectly) are not affected.


Discovery 2009-03-25
Entry 2009-05-07
Modified 2009-05-13
FreeBSD
ge 6.3 lt 6.3_10

ge 6.4 lt 6.4_4

ge 7.0 lt 7.0_12

ge 7.1 lt 7.1_5

SA-09:08.openssl
CVE-2009-0590
fc5231b6-c066-11e1-b5e0-000c299b62e1    FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)

Problem description:

The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them.

Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.


Discovery 2012-06-12
Entry 2012-06-27
FreeBSD
ge 7.4 lt 7.4_9

ge 8.1 lt 8.1_11

ge 8.2 lt 8.2_9

ge 8.3 lt 8.3_3

ge 9.0 lt 9.0_3

SA-12:03.bind
CVE-2012-1667
fcedcdbb-c86e-11e6-b1cf-14dae9d210b8    FreeBSD -- Multiple vulnerabilities of ntp

Problem Description:

Multiple vulnerabilities have been discovered in the NTP suite:

CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG.

CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. Reported by Matthew Van Gundy of Cisco ASIG.

CVE-2016-7427: Broadcast Mode Replay Prevention DoS. Reported by Matthew Van Gundy of Cisco ASIG.

CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. Reported by Matthew Van Gundy of Cisco ASIG.

CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass. Reported by Sharon Goldberg and Aanchal Malhotra of Boston University.

CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal(). Reported by Magnus Stubman.

CVE-2016-7426: Client rate limiting and server responses. Reported by Miroslav Lichvar of Red Hat.

CVE-2016-7433: Reboot sync calculation problem. Reported independently by Brian Utterback of Oracle, and by Sharon Goldberg and Aanchal Malhotra of Boston University.

Impact:

A remote attacker who can send a specially crafted packet can cause a NULL pointer dereference that will crash ntpd, resulting in a Denial of Service. [CVE-2016-9311]

An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring by an attacker from remote. [CVE-2016-9310]

An attacker with access to the NTP broadcast domain can periodically inject specially crafted broadcast mode NTP packets into the broadcast domain which, while being logged by ntpd, can cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers. [CVE-2016-7427]

An attacker with access to the NTP broadcast domain can send specially crafted broadcast mode NTP packets to the broadcast domain which, while being logged by ntpd, will cause ntpd to reject broadcast mode packets from legitimate NTP broadcast servers. [CVE-2016-7428]

Origin timestamp problems were fixed in ntp 4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks. [CVE-2016-7431]

If ntpd is configured to allow mrulist query requests from a server that sends a crafted malicious packet, ntpd will crash on receipt of that crafted malicious mrulist query packet. [CVE-2016-7434]

An attacker who knows the sources (e.g., from an IPv4 refid in server response) and knows the system is (mis)configured in this way can periodically send packets with spoofed source address to keep the rate limiting activated and prevent ntpd from accepting valid responses from its sources. [CVE-2016-7426]

Ntp Bug 2085 described a condition where the root delay was included twice, causing the jitter value to be higher than expected. Due to a misinterpretation of a small-print variable in The Book, the fix for this problem was incorrect, resulting in a root distance that did not include the peer dispersion. The calculations and formulas have been reviewed and reconciled, and the code has been updated accordingly. [CVE-2016-7433]


Discovery 2016-12-22
Entry 2016-12-22
FreeBSD
ge 11.0 lt 11.0_6

ge 10.3 lt 10.3_15

ge 10.2 lt 10.2_28

ge 10.1 lt 10.1_45

ge 9.3 lt 9.3_53

CVE-2016-7426
CVE-2016-7427
CVE-2016-7428
CVE-2016-7431
CVE-2016-7433
CVE-2016-7434
CVE-2016-9310
CVE-2016-9311
SA-16:39.ntp
fee94342-4638-11e1-9f47-00e0815b8da8    FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)

Problem Description:

The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.


Discovery 2011-09-28
Entry 2012-01-29
FreeBSD
ge 7.3 lt 7.3_7

ge 7.4 lt 7.4_3

ge 8.1 lt 8.1_5

ge 8.2 lt 8.2_3

SA-11:04.compress
CVE-2011-2895