Posts Tagged ‘vulnerabilities in FreeBSD’

“CVE-2014-8517” vulnerability: Remote command execution in FreeBSD

FreeBSD developers have published a notice announcing the fix for a vulnerability in FreeBSD.

Exploitation of the vulnerability allows an attacker to execute arbitrary commands, gain access to critical information, and lock the computer. A malicious HTTP server could cause ftp to execute arbitrary commands.

Danger level: High
Availability of fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C) = Base: 9.3 / Temporal: 6.9
CVE ID: CVE-2014-8517 (more…)

#1 Denial of service and system compromise in FreeBSD (Remote Buffer Overflow vulnerability)

Danger level: High
Availability of fixes: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2014-3954

Exploitation vector: Remote
Impact: Remote Buffer Overflow (Denial of service, system compromise) (more…)

Vulnerability in FreeBSD

Cyber security news 2014: Denial of service in FreeBSD

A vulnerability has been revealed in all supported branches of FreeBSD

The flaw allows an attacker to reset a TCP connection by sending a specially crafted packet.

A vulnerability (CVE-2004-0230) has been discovered in all versions of the FreeBSD network operating system. The flaw allows an attacker to reset a TCP connection by sending a TCP packet that contains a bogus IP address. To carry out the attack, cybercriminals only needed to know the numbers of the active ports. (more…)

Multiple vulnerabilities

Vulnerability: Multiple vulnerabilities in FreeBSD

Danger: Medium
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2012-4244, CVE-2012-5166
Exploitation vector: Remote
Impact: Denial of service
Affected products: FreeBSD 7.4, FreeBSD 8.3, FreeBSD 9.0

Affected versions: FreeBSD 7.4, 8.3, 9.0

Description:

The vulnerabilities can be exploited by malicious people to execute arbitrary code on the target system.

The product contains a vulnerable version of ISC BIND. A detailed description of the vulnerabilities can be found here: (more…)