Summary
Detail | |||
---|---|---|---|
Vendor | Freebsd | First view | 2009-06-24 |
Product | Freebsd | Last view | 2020-09-25 |
Version | 6.4 | Type | Os |
Update | release_p3 | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:freebsd:freebsd |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
8.2 | 2020-09-25 | CVE-2020-24718 | bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. |
5.5 | 2020-09-03 | CVE-2020-24863 | A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. |
5.5 | 2020-09-03 | CVE-2020-24385 | In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). |
7.8 | 2020-03-14 | CVE-2020-10566 | grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. |
7.8 | 2020-03-14 | CVE-2020-10565 | grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. |
6.5 | 2020-02-20 | CVE-2015-2923 | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. |
7.5 | 2020-02-20 | CVE-2012-5365 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. |
7.5 | 2020-02-20 | CVE-2012-5363 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393. |
9.8 | 2020-02-18 | CVE-2014-3879 | OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to not be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. |
7.5 | 2019-11-27 | CVE-2011-2480 | Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. |
8.1 | 2019-04-17 | CVE-2019-9499 | The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to complete authentication and gain the session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
8.1 | 2019-04-17 | CVE-2019-9498 | The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
10 | 2018-12-04 | CVE-2018-17160 | In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. |
7.5 | 2018-12-04 | CVE-2018-17159 | In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation. |
7.5 | 2018-12-04 | CVE-2018-17158 | In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request. |
9.8 | 2018-12-04 | CVE-2018-17157 | In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. |
5.9 | 2018-11-28 | CVE-2018-17156 | In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. |
5.5 | 2018-09-28 | CVE-2018-6925 | In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. |
5.5 | 2018-09-28 | CVE-2018-17155 | In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. |
5.5 | 2018-09-28 | CVE-2018-17154 | In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. |
7.1 | 2018-09-12 | CVE-2018-6924 | In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. |
7.8 | 2018-09-12 | CVE-2017-1085 | In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context. |
7.5 | 2018-09-12 | CVE-2017-1084 | In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility that a poorly written process could cause a stack overflow. |
7.5 | 2018-09-12 | CVE-2017-1083 | In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility that a poorly written process could cause a stack overflow. |
7.5 | 2018-09-12 | CVE-2017-1082 | In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data sets may crash if the input follows the pathological pattern. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
18% (8) | CWE-200 | Information Exposure |
13% (6) | CWE-20 | Improper Input Validation |
11% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
6% (3) | CWE-787 | Out-of-bounds Write |
6% (3) | CWE-476 | NULL Pointer Dereference |
6% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
6% (3) | CWE-287 | Improper Authentication |
6% (3) | CWE-190 | Integer Overflow or Wraparound |
4% (2) | CWE-362 | Race Condition |
2% (1) | CWE-416 | Use After Free |
2% (1) | CWE-310 | Cryptographic Issues |
2% (1) | CWE-269 | Improper Privilege Management |
2% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (1) | CWE-189 | Numeric Errors |
2% (1) | CWE-125 | Out-of-bounds Read |
2% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-42 | MIME Conversion |
CAPEC-44 | Overflow Binary Resource File |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
64949 | OPIE readrec.c __opiereadrec() Off-by-One Remote Code Execution |
63646 | J Programming Language libc dtoa Implementation Floating Point Parsing Memory... |
63641 | Matlab libc dtoa Implementation Floating Point Parsing Memory Corruption |
63639 | Apple Mac OS X libc dtoa Implementation Floating Point Parsing Memory Corruption |
62402 | K-Meleon libc dtoa Implementation Floating Point Parsing Memory Corruption |
61189 | Mozilla Sunbird libc dtoa Implementation Floating Point Parsing Memory Corrup... |
61188 | Flock Browser libc dtoa Implementation Floating Point Parsing Memory Corruption |
61187 | KDE kdelibs libc dtoa Implementation Floating Point Parsing Memory Corruption |
61186 | Opera libc dtoa Implementation Floating Point Parsing Memory Corruption |
61091 | Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem... |
55603 | libc gdtoa/misc.c dtoa() Implementation printf Function Array Overflow |
55045 | FreeBSD IPv6 SIOCSIFINFO_IN6 IOCTL Unprivileged Interface Property Manipulation |
ExploitDB Exploits
id | Description |
---|---|
12762 | FreeBSD 8.0 ftpd off-by one PoC (FreeBSD-SA-10:05) |
10380 | Sunbird 0.9 Array Overrun (code execution) 0day |
10187 | Opera 10.01 Remote Array Overrun |
10186 | K-Meleon 1.5.3 Remote Array Overrun |
10185 | SeaMonkey 1.1.8 Remote Array Overrun |
10184 | KDE KDELibs 4.3.3 Remote Array Overrun |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-18 | Name : Fedora Update for xen FEDORA-2012-19828 File : nvt/gb_fedora_2012_19828_xen_fc16.nasl |
2012-12-14 | Name : Fedora Update for xen FEDORA-2012-19717 File : nvt/gb_fedora_2012_19717_xen_fc17.nasl |
2012-12-13 | Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen) File : nvt/gb_suse_2012_0886_1.nasl |
2012-11-23 | Name : Fedora Update for xen FEDORA-2012-18249 File : nvt/gb_fedora_2012_18249_xen_fc16.nasl |
2012-11-23 | Name : Fedora Update for xen FEDORA-2012-18242 File : nvt/gb_fedora_2012_18242_xen_fc17.nasl |
2012-11-15 | Name : Fedora Update for xen FEDORA-2012-17408 File : nvt/gb_fedora_2012_17408_xen_fc16.nasl |
2012-11-15 | Name : Fedora Update for xen FEDORA-2012-17204 File : nvt/gb_fedora_2012_17204_xen_fc17.nasl |
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL) File : nvt/glsa_201209_24.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-03 (php) File : nvt/glsa_201209_03.nasl |
2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
2012-09-22 | Name : Fedora Update for xen FEDORA-2012-13443 File : nvt/gb_fedora_2012_13443_xen_fc16.nasl |
2012-09-22 | Name : Fedora Update for xen FEDORA-2012-13434 File : nvt/gb_fedora_2012_13434_xen_fc17.nasl |
2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-12165 File : nvt/gb_fedora_2012_12165_postgresql_fc17.nasl |
2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-12156 File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl |
2012-08-30 | Name : Fedora Update for xen FEDORA-2012-11755 File : nvt/gb_fedora_2012_11755_xen_fc17.nasl |
2012-08-30 | Name : Fedora Update for xen FEDORA-2012-11182 File : nvt/gb_fedora_2012_11182_xen_fc17.nasl |
2012-08-30 | Name : Fedora Update for php FEDORA-2012-10936 File : nvt/gb_fedora_2012_10936_php_fc17.nasl |
2012-08-30 | Name : Fedora Update for php FEDORA-2012-9490 File : nvt/gb_fedora_2012_9490_php_fc17.nasl |
2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-8924 File : nvt/gb_fedora_2012_8924_postgresql_fc17.nasl |
2012-08-30 | Name : Fedora Update for xen FEDORA-2012-9386 File : nvt/gb_fedora_2012_9386_xen_fc17.nasl |
2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-9490 File : nvt/gb_fedora_2012_9490_maniadrive_fc17.nasl |
2012-08-24 | Name : Fedora Update for xen FEDORA-2012-11785 File : nvt/gb_fedora_2012_11785_xen_fc16.nasl |
2012-08-10 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD18.nasl |
2012-08-10 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD16.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8) File : nvt/deb_2508_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2018-07-10 | Microsoft Windows Interrupt Service Routine stack rollback attempt RuleID : 46910 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-10 | Microsoft Windows Interrupt Service Routine stack rollback attempt RuleID : 46909 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-10 | Microsoft Windows processor modification return to user-mode attempt RuleID : 46908 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-10 | Microsoft Windows processor modification return to user-mode attempt RuleID : 46907 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-10 | Microsoft Windows malicious CONTEXT structure creation attempt RuleID : 46906 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-10 | Microsoft Windows malicious CONTEXT structure creation attempt RuleID : 46905 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-10 | Microsoft Windows SYSTEM token stealing attempt RuleID : 46904 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-10 | Microsoft Windows SYSTEM token stealing attempt RuleID : 46903 - Type : INDICATOR-COMPROMISE - Revision : 2 |
2018-07-03 | Microsoft Windows kernel privilege escalation attempt RuleID : 46835 - Type : OS-WINDOWS - Revision : 1 |
2018-07-03 | Microsoft Windows kernel privilege escalation attempt RuleID : 46834 - Type : OS-WINDOWS - Revision : 1 |
2018-07-03 | Microsoft Windows ROP gadget locate attempt RuleID : 46833 - Type : OS-WINDOWS - Revision : 1 |
2018-07-03 | Microsoft Windows ROP gadget locate attempt RuleID : 46832 - Type : OS-WINDOWS - Revision : 1 |
2018-07-03 | Microsoft Windows kernel privilege escalation attempt RuleID : 46831 - Type : OS-WINDOWS - Revision : 1 |
2018-07-03 | Microsoft Windows kernel privilege escalation attempt RuleID : 46830 - Type : OS-WINDOWS - Revision : 1 |
2014-01-10 | PHP truncated crypt function attempt RuleID : 23896 - Type : SERVER-WEBAPP - Revision : 4 |
2014-01-10 | PHP truncated crypt function attempt RuleID : 23895 - Type : SERVER-WEBAPP - Revision : 5 |
2014-01-10 | truncated crypt function attempt RuleID : 23894 - Type : SERVER-WEBAPP - Revision : 7 |
2014-01-10 | Mozilla products floating point buffer overflow attempt RuleID : 21155 - Type : BROWSER-FIREFOX - Revision : 6 |
2014-01-10 | Mozilla products floating point buffer overflow attempt RuleID : 21154 - Type : BROWSER-FIREFOX - Revision : 6 |
2014-01-10 | Multiple vendors OPIE off-by-one stack buffer overflow attempt RuleID : 17155 - Type : SERVER-OTHER - Revision : 13 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a7ac26523d.nasl - Type: ACT_GATHER_INFO |
2018-12-11 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_32498c8ffc8411e8be12a4badb2f4699.nasl - Type: ACT_GATHER_INFO |
2018-11-30 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_sa-18-13_nfs.nasl - Type: ACT_GATHER_INFO |
2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1577.nasl - Type: ACT_GATHER_INFO |
2018-11-02 | Name: The remote Debian host is missing a security update. File: debian_DLA-1564.nasl - Type: ACT_GATHER_INFO |
2018-11-02 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL17403481.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1263.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1270.nasl - Type: ACT_GATHER_INFO |
2018-09-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_a67c122ab69311e8ac58a4badb2f4699.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0132-a.nasl - Type: ACT_GATHER_INFO |
2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0037-a.nasl - Type: ACT_GATHER_INFO |
2018-07-18 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-048.nasl - Type: ACT_GATHER_INFO |
2018-07-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-2164.nasl - Type: ACT_GATHER_INFO |
2018-06-15 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_ioctl_call.nasl - Type: ACT_GATHER_INFO |
2018-06-05 | Name: The remote Debian host is missing a security update. File: debian_DLA-1392.nasl - Type: ACT_GATHER_INFO |
2018-06-05 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_13_5.nasl - Type: ACT_GATHER_INFO |
2018-06-05 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-003.nasl - Type: ACT_GATHER_INFO |
2018-05-31 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-037.nasl - Type: ACT_GATHER_INFO |
2018-05-31 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-1318.nasl - Type: ACT_GATHER_INFO |
2018-05-30 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1023.nasl - Type: ACT_GATHER_INFO |
2018-05-30 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1023.nasl - Type: ACT_GATHER_INFO |
2018-05-29 | Name: The remote Debian host is missing a security update. File: debian_DLA-1383.nasl - Type: ACT_GATHER_INFO |
2018-05-29 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7cd077ddd3.nasl - Type: ACT_GATHER_INFO |
2018-05-17 | Name: The remote Fedora host is missing a security update. File: fedora_2018-98684f429b.nasl - Type: ACT_GATHER_INFO |
2018-05-16 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1121.nasl - Type: ACT_GATHER_INFO |