FreeBSD Security Advisories

FreeBSD Security Advisories are available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/

FreeBSD Security Advisories are mirrored on ftp://ftp.svbug.com/pub/FreeBSD/CERT/advisories/

NOTE: THE MIRROR AT ftp.svbug.com IS NOT CURRENT AS OF THE LAST MIRRORED DATE, but the advisories are temporarily available here.

Date of Last Mirrored Security Advisory: 2005-05-21 (yyyy-mm-dd)

FreeBSD summaries linked below:
2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 Security Notices

2005

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-05:09.htt.asc | information disclosure when using HTT | 2005-05-13
FreeBSD-SA-05:08.kmem.asc | Local kernel memory disclosure | 2005-05-06
FreeBSD-SA-05:07.ldt.asc | Local kernel memory disclosure in i386_get_ldt | 2005-05-06
FreeBSD-SA-05:06.iir.asc | Incorrect permissions on /dev/iir | 2005-05-06
FreeBSD-SA-05:05.cvs.asc | Multiple vulnerabilities in CVS | 2005-04-22
FreeBSD-SA-05:04.ifconf.asc | Kernel memory disclosure in ifconf() | 2005-04-15
FreeBSD-SA-05:03.amd64.asc | unprivileged hardware access on amd64 | 2005-04-06
FreeBSD-SA-05:02.sendfile.asc | sendfile kernel memory disclosure | 2005-04-04
FreeBSD-SA-05:01.telnet.asc | telnet client buffer overflows | 2005-03-28

2004

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-04:17.procfs.asc | Kernel memory disclosure in procfs and linprocfs | 2004-12-01
FreeBSD-SA-04:16.fetch.asc | Overflow error in fetch | 2004-11-18
FreeBSD-SA-04:15.syscons.asc | Boundary checking errors in syscons | 2004-10-04
FreeBSD-SA-04:14.cvs.asc | CVS | 2004-09-19
FreeBSD-SA-04:13.linux.asc | Linux binary compatibility mode input validation error | 2004-06-30
FreeBSD-SA-04:12.jailroute.asc | Jailed processes can manipulate host routing tables | 2004-06-07
FreeBSD-SA-04:11.msync.asc | buffer cache invalidation implementation issues | 2004-05-26
FreeBSD-SA-04:10.cvs.asc | CVS pserver protocol parser errors | 2004-05-19
FreeBSD-SA-04:09.kadmind.asc | heimdal kadmind remote heap buffer overflow | 2004-05-05
FreeBSD-SA-04:08.heimdal.asc | heimdal cross-realm trust vulnerability | 2004-05-05
FreeBSD-SA-04:07.cvs.asc | CVS path validation errors | 2004-04-15
FreeBSD-SA-04:06.ipv6.asc | setsockopt(2) IPv6 sockets input validation error | 2004-03-29
FreeBSD-SA-04:05.openssl.asc | Denial-of-service vulnerability in OpenSSL | 2004-03-17
FreeBSD-SA-04:04.tcp.asc | many out-of-sequence TCP packets denial-of-service | 2004-03-02
FreeBSD-SA-04:03.jail.asc | Jailed processes can attach to other jails | 2004-02-25
FreeBSD-SA-04:02.shmat.asc | shmat reference counting bug | 2004-02-05
FreeBSD-SA-04:01.mksnap_ffs.asc | mksnap_ffs clears file system options | 2004-01-30

2003

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-03:19.bind.asc | bind8 negative cache poison attack | 2003-11-28
FreeBSD-SA-03:15.openssh.asc | OpenSSH PAM challenge/authentication error | 2003-10-05
FreeBSD-SA-03:18.openssl.asc | OpenSSL vulnerabilities in ASN.1 parsing | 2003-10-03
FreeBSD-SA-03:17.procfs.asc | kernel memory disclosure via procfs | 2003-10-03
FreeBSD-SA-03:16.filedesc.asc | file descriptor leak in readv | 2003-10-02
FreeBSD-SA-03:14.arp.asc | denial of service due to ARP resource starvation | 2003-09-25
FreeBSD-SA-03:13.sendmail.asc | a third sendmail header parsing buffer overflow | 2003-09-17
FreeBSD-SA-03:12.openssh.asc | OpenSSH buffer management error | 2003-09-16
FreeBSD-SA-03:11.sendmail.asc | sendmail DNS map problem | 2003-08-26
FreeBSD-SA-03:10.ibcs2.asc | Kernel memory disclosure via ibcs2 | 2003-08-10
FreeBSD-SA-03:09.signal.asc | Insufficient range checking of signal numbers | 2003-08-10
FreeBSD-SA-03:08.realpath.asc | Single byte buffer overflow in realpath(3) | 2003-08-03
FreeBSD-SA-03:07.sendmail.asc | a second sendmail header parsing buffer overflow | 2003-03-30
FreeBSD-SA-03:06.openssl.asc | OpenSSL timing-based SSL/TLS attack | 2003-03-21
FreeBSD-SA-03:05.xdr.asc | remote denial-of-service in XDR encoder/decoder | 2003-03-20
FreeBSD-SA-03:04.sendmail.asc | sendmail header parsing buffer overflow | 2003-03-03
FreeBSD-SA-03:02.openssl.asc | OpenSSL timing-based SSL/TLS attack | 2003-02-25
FreeBSD-SA-03:03.syncookies.asc | Brute force attack on SYN cookies | 2003-02-24
FreeBSD-SA-03:01.cvs.asc | remotely exploitable vulnerability in cvs server | 2003-02-04
FreeBSD-SA-02:44.filedesc.asc | file descriptor leak in fpathconf | 2003-01-07

2002

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-02:43.bind.asc | multiple vulnerabilities in BIND [REVISED] | 2002-11-15
FreeBSD-SA-02:41.smrsh.asc | smrsh restrictions can be bypassed [REVISED] | 2002-11-15
FreeBSD-SA-02:42.resolv.asc | buffer overrun in resolver | 2002-11-12
FreeBSD-SA-02:40.kadmind.asc | Buffer overflow in kadmind daemon | 2002-11-12
FreeBSD-SA-02:39.libkvm.asc | Applications using libkvm may leak sensitive descriptors | 2002-09-16
FreeBSD-SA-02:38.signed-error.asc | Boundary checking errors involving signed integers | 2002-08-19
FreeBSD-SA-02:37.kqueue.asc | local users can panic the system using the kqueue mechanism | 2002-08-05
FreeBSD-SA-02:36.nfs.asc | Bug in NFS server code allows remote denial of service | 2002-08-05
FreeBSD-SA-02:35.ffs.asc | local users may read and write arbitrary blocks on | 2002-08-05
FreeBSD-SA-02:33.openssl.asc | openssl contains multiple vulnerabilities | 2002-08-05
FreeBSD-SA-02:34.rpc.asc | Sun RPC XDR decoder contains buffer overflow | 2002-08-01
FreeBSD-SA-02:32.pppd.asc | exploitable race condition in pppd | 2002-07-31
FreeBSD-SA-02:31.openssh.asc | openssh contains remote vulnerability | 2002-07-15
FreeBSD-SA-02:30.ktrace.asc | Users may trace previously privileged processes | 2002-07-12
FreeBSD-SA-02:29.tcpdump.asc | Buffer overflow in tcpdump when handling NFS packets | 2002-07-12
FreeBSD-SA-02:28.resolv.asc | buffer overflow in resolver | 2002-06-26
FreeBSD-SA-02:27.rc.asc | rc uses file globbing dangerously | 2002-05-29
FreeBSD-SA-02:26.accept.asc | Remote denial-of-service when using accept filters | 2002-05-29
FreeBSD-SA-02:25.bzip2.asc | bzip2 contains multiple security vulnerabilities | 2002-05-20
FreeBSD-SA-02:24.k5su.asc | k5su utility does not honor `wheel' group | 2002-05-20
FreeBSD-SA-02:23.stdio.asc | insecure handling of stdio file descriptors | 2002-04-22
FreeBSD-SA-02:22.mmap.asc | mmap/msync denial of service | 2002-04-18
FreeBSD-SA-02:21.tcpip.asc | routing table memory leak | 2002-04-17
FreeBSD-SA-02:20.syncache.asc | syncache/syncookies denial of service | 2002-04-16
FreeBSD-SA-02:19.squid.asc | squid heap buffer overflow in DNS handling | 2002-03-26
FreeBSD-SA-02:18.zlib.v1.2.asc | zlib double-free | 2002-03-18
FreeBSD-SA-02:17.mod_frontpage.asc | mod_frontpage port contains exploitable buffer overflow | 2002-03-12
FreeBSD-SA-02:16.netscape.asc | GIF/JPEG comment vulnerability in Netscape | 2002-03-12
FreeBSD-SA-02:15.cyrus-sasl.asc | cyrus-sasl library contains format string vulnerability | 2002-03-12
FreeBSD-SA-02:14.pam-pgsql.asc | pam-pgsql port authentication bypass | 2002-03-12
FreeBSD-SA-02:13.openssh.asc | OpenSSH contains exploitable off-by-one bug | 2002-03-07
FreeBSD-SA-02:12.squid.asc | multiple security vulnerabilities in squid port | 2002-02-21
FreeBSD-SA-02:11.snmp.asc | ucd-snmp/net-snmp remotely exploitable vulnerabilities | 2002-02-12
FreeBSD-SA-02:10.rsync.asc | rsync port contains remotely exploitable vulnerability | 2002-02-06
FreeBSD-SA-02:09.fstatfs.asc | fstatfs race condition may allow local denial of | 2002-02-06
FreeBSD-SA-02:08.exec.asc | race condition during exec may allow local root compromise | 2002-01-24
FreeBSD-SA-02:07.k5su.asc | Kerberos 5 su command uses getlogin for authorization | 2002-01-18
FreeBSD-SA-02:06.sudo.asc | sudo port may enable local privilege escalation | 2002-01-16
FreeBSD-SA-02:05.pine.asc | pine port insecure URL handling [REVISED] | 2002-01-04
FreeBSD-SA-02:04.mutt.asc | mutt ports contain remotely exploitable buffer overflow | 2002-01-04
FreeBSD-SA-02:03.mod_auth_pgsql.asc | mod_auth_pgsql port authentication bypass | 2002-01-04
FreeBSD-SA-02:02.pw.asc | pw(8) race condition may allow disclosure of master.passwd | 2002-01-04
FreeBSD-SA-02:01.pkg_add.asc | Directory permission vulnerability in pkg_add [REVISED] | 2002-01-04

2001

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-01:68.xsane.asc | xsane port uses insecure temporary file handling | 2001-12-17
FreeBSD-SA-01:67.htdig.asc | htdig configuration file vulnerability | 2001-12-17
FreeBSD-SA-01:66.thttpd.asc | thttpd port contains remotely vulnerability | 2001-12-11
FreeBSD-SA-01:65.libgtop.asc | Buffer overflow in libgtop_server | 2001-12-11
FreeBSD-SA-01:64.wu-ftpd.asc | wu-ftpd port contains remote root compromise | 2001-12-04
FreeBSD-SA-01:63.openssh.asc | OpenSSH UseLogin directive permits privilege escalation | 2001-12-02
FreeBSD-SA-01:62.uucp.asc | UUCP allows local root exploit | 2001-10-08
FreeBSD-SA-01:61.squid.asc | Squid in accelerator-only mode ignores ACLs | 2001-10-08
FreeBSD-SA-01:60.procmail.asc | Multiple vulnerabilities in procmail signal handling | 2001-09-24
FreeBSD-SA-01:59.rmuser.v1.1.asc | rmuser contains a race condition exposing /etc/master.passwd | 2001-09-04
FreeBSD-SA-01:58.lpd.asc | lpd contains remote root vulnerability | 2001-08-30
FreeBSD-SA-01:57.sendmail.v1.2.asc | sendmail contains local root vulnerability [REVISED] | 2001-08-27
FreeBSD-SA-01:56.tcp_wrappers.asc | tcp_wrappers PARANOID hostname checking does not work | 2001-08-23
FreeBSD-SA-01:55.procfs.asc | procfs vulnerability leaks set[ug]id process memory | 2001-08-21
FreeBSD-SA-01:54.ports-telnetd.asc | telnetd contains remote buffer overflow | 2001-08-20
FreeBSD-SA-01:53.ipfw.asc | ipfw `me' on P2P interfaces matches remote address | 2001-08-17
FreeBSD-SA-01:52.fragment.asc | Denial of service using fragmented IPv4 packets | 2001-08-06
FreeBSD-SA-01:51.openssl.v1.1.asc | OpenSSL 0.9.6a and earlier contain flaw in PRNG [REVISED] | 2001-07-30
FreeBSD-SA-01:50.windowmaker.asc | windowmaker contains possibly exploitable buffer overflow | 2001-07-27
FreeBSD-SA-01:49.telnetd.v1.1.asc | telnetd contains remote buffer overflow | 2001-07-23
FreeBSD-SA-01:48.tcpdump.asc | tcpdump contains remote buffer overflow | 2001-07-17
FreeBSD-SA-01:47.xinetd.asc | xinetd contains multiple vulnerabilities | 2001-07-10
FreeBSD-SA-01:46.w3m.asc | w3m contains remotely exploitable buffer overflow | 2001-07-10
FreeBSD-SA-01:45.samba.asc | samba | 2001-07-10
FreeBSD-SA-01:44.gnupg.asc | gnupg contains format string vulnerability | 2001-07-10
FreeBSD-SA-01:43.fetchmail.asc | fetchmail contains potentially exploitable buffer | 2001-07-10
FreeBSD-SA-01:42.signal.v1.1.asc | signal handling during exec may allow local root | 2001-07-10
FreeBSD-SA-01:41.hanterm.asc | hanterm ports allow local root compromise | 2001-07-09
FreeBSD-SA-01:40.fts.v1.1.asc | fts(3) routines contain race condition [REVISED] | 2001-06-04
FreeBSD-SA-01:39.tcp-isn.asc | TCP initial sequence number generation contains | 2001-05-02
FreeBSD-SA-01:38.sudo.asc | sudo contains local buffer overflow | 2001-04-23
FreeBSD-SA-01:37.slrn.asc | slrn contains remotely-exploitable buffer overflow | 2001-04-23
FreeBSD-SA-01:36.samba.asc | samba ports contain locally exploitable /tmp races | 2001-04-23
FreeBSD-SA-01:35.licq.asc | licq contains multiple remote vulnerabilities | 2001-04-23
FreeBSD-SA-01:34.hylafax.asc | hylafax contains local compromise | 2001-04-23
FreeBSD-SA-01:33.ftpd-glob.v1.1.asc | globbing vulnerability in ftpd [REVISED] | 2001-04-17
FreeBSD-SA-01:32.ipfilter.v1.1.asc | IPFilter may incorrectly pass packets [REVISED] | 2001-04-16
FreeBSD-SA-01:31.ntpd.asc | ntpd contains potential remote compromise | 2001-04-06
FreeBSD-SA-01:30.ufs-ext2fs.asc | UFS/EXT2FS allows disclosure of deleted data | 2001-03-22
FreeBSD-SA-01:29.rwhod.asc | rwhod allows remote denial of service | 2001-03-12
FreeBSD-SA-01:28.timed.asc | timed allows remote denial of service | 2001-03-12
FreeBSD-SA-01:27.cfengine.asc | cfengine port contains remote root vulnerability | 2001-03-12
FreeBSD-SA-01:26.interbase.asc | interbase contains remote backdoor | 2001-03-12
FreeBSD-SA-01:23.icecast.asc | icecast port contains remote vulnerability | 2001-03-12
FreeBSD-SA-01:25.kerberosIV.asc | Local and remote vulnerabilities in Kerberos IV | 2001-02-14
FreeBSD-SA-01:24.ssh.asc | SSH1 implementations may allow remote system, data compromise | 2001-02-12
FreeBSD-SA-01:22.dc20ctrl.asc | dc20ctrl port contains a locally exploitable buffer overflow | 2001-02-07
FreeBSD-SA-01:21.ja-elvis.asc | ja-elvis and ko-helvis ports contain a local | 2001-02-07
FreeBSD-SA-01:20.mars_nwe.asc | mars_nwe contains potential remote root compromise | 2001-02-07
FreeBSD-SA-01:19.ja-klock.asc | ja-xklock port contains a local root compromise | 2001-02-07
FreeBSD-SA-01:18.bind.asc | BIND remotely exploitable buffer overflow | 2001-01-31
FreeBSD-SA-01:17.exmh.asc | exmh symlink vulnerability | 2001-01-29
FreeBSD-SA-01:16.mysql.asc | mysql may allow remote users to gain increased | 2001-01-29
FreeBSD-SA-01:15.tinyproxy.asc | tinyproxy contains remote vulnerabilities | 2001-01-29
FreeBSD-SA-01:14.micq.asc | micq remote buffer overflow vulnerability | 2001-01-29
FreeBSD-SA-01:13.sort.asc | sort uses insecure temporary files | 2001-01-29
FreeBSD-SA-01:12.periodic.v1.1.asc | periodic uses insecure temporary files [REVISED] | 2001-01-29
FreeBSD-SA-01:11.inetd.v1.1.asc | inetd ident server allows remote users to partially | 2001-01-29
FreeBSD-SA-01:10.bind.asc | bind remote denial of service | 2001-01-23
FreeBSD-SA-01:09.crontab.v1.1.asc | crontab allows users to read certain files [REVISED] | 2001-01-23
FreeBSD-SA-01:08.ipfw.asc | ipfw/ip6fw allows bypassing of 'established' keyword | 2001-01-23
FreeBSD-SA-01:07.xfree86.asc | Multiple XFree86 3.3.6 vulnerabilities | 2001-01-23
FreeBSD-SA-01:06.zope.asc | zope vulnerability allows escalation of privileges | 2001-01-15
FreeBSD-SA-01:05.stunnel.asc | stunnel contains potential remote compromise | 2001-01-15
FreeBSD-SA-01:04.joe.asc | joe creates insecure recovery files | 2001-01-15
FreeBSD-SA-01:03.bash1.asc | bash1 creates insecure temporary files | 2001-01-15
FreeBSD-SA-01:02.syslog-ng.asc | syslog-ng remote denial-of-service | 2001-01-15
FreeBSD-SA-01:01.openssh.asc | Hostile server OpenSSH agent/X11 forwarding | 2001-01-15

2000

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-00:81.ethereal.asc | ethereal allows remote code execution | 2000-12-20
FreeBSD-SA-00:80.halflifeserver.asc | halflifeserver allows remote code execution | 2000-12-20
FreeBSD-SA-00:79.oops.asc | oops allows remote code execution | 2000-12-20
FreeBSD-SA-00:78.bitchx.v1.1.asc | bitchx/ko-bitchx allows remote code execution [REVISED] | 2000-12-20
FreeBSD-SA-00:77.procfs.v1.1.asc | Several vulnerabilities in procfs [REVISED] | 2000-12-18
FreeBSD-SA-00:76.tcsh-csh.asc | tcsh/csh creates insecure temporary file | 2000-11-20
FreeBSD-SA-00:75.php.asc | mod_php3/mod_php4 allows remote code execution | 2000-11-20
FreeBSD-SA-00:74.gaim.asc | gaim remote vulnerability | 2000-11-20
FreeBSD-SA-00:73.thttpd.asc | thttpd allows remote reading of local files | 2000-11-20
FreeBSD-SA-00:72.curl.asc | curl client-side vulnerability | 2000-11-20
FreeBSD-SA-00:71.mgetty.asc | mgetty can create or overwrite files | 2000-11-20
FreeBSD-SA-00:70.ppp-nat.asc | ppp "deny_incoming" does not correctly deny incoming packets | 2000-11-14
FreeBSD-SA-00:69.telnetd.v1.1.asc | telnetd allows remote system resource consumption [REVISED] | 2000-11-14
FreeBSD-SA-00:68.ncurses.v1.1.asc | ncurses allows local privilege escalation [REVISED] | 2000-11-13
FreeBSD-SA-00:67.gnupg.asc | gnupg fails to correctly verify signatures | 2000-11-10
FreeBSD-SA-00:66.netscape.asc | Client vulnerability in Netscape | 2000-11-06
FreeBSD-SA-00:65.xfce.asc | xfce allows local X session compromise | 2000-11-06
FreeBSD-SA-00:64.global.asc | global port allows remote compromise through CGI script | 2000-11-06
FreeBSD-SA-00:63.getnameinfo.asc | getnameinfo function allows remote denial of service | 2000-11-01
FreeBSD-SA-00:62.top.v1.1.asc | top allows reading of kernel memory [REISSUED] | 2000-11-01
FreeBSD-SA-00:61.tcpdump.v1.1.asc | tcpdump contains remote vulnerabilities [REISSUED] | 2000-10-31
FreeBSD-SA-00:60.boa.asc | boa web server allows arbitrary file access/execution | 2000-10-30
FreeBSD-SA-00:59.pine.asc | pine4 port contains remote vulnerability | 2000-10-30
FreeBSD-SA-00:58.chpass.asc | chpass family contains local root vulnerability | 2000-10-30
FreeBSD-SA-00:57.muh.asc | muh IRC bouncer remote vulnerability | 2000-10-13
FreeBSD-SA-00:56.lprng.asc | LPRng contains potential root compromise | 2000-10-13
FreeBSD-SA-00:55.xpdf.asc | xpdf contains multiple vulnerabilities | 2000-10-13
FreeBSD-SA-00:54.fingerd.asc | fingerd allows remote reading of filesystem | 2000-10-13
FreeBSD-SA-00:52.tcp-iss.asc | TCP uses weak initial sequence numbers | 2000-10-06
FreeBSD-SA-00:53.catopen.asc | catopen() may pose security risk for third party code | 2000-09-27
FreeBSD-SA-00:51.mailman.asc | mailman port allows local root compromise | 2000-09-13
FreeBSD-SA-00:50.listmanager.asc | listmanager port allows local root compromise | 2000-09-13
FreeBSD-SA-00:49.eject.asc | eject port allows local root exploit | 2000-09-13
FreeBSD-SA-00:48.xchat.asc | xchat port inappropriately handles URLs | 2000-09-13
FreeBSD-SA-00:47.pine.asc | pine4 port allows denial of service | 2000-09-13
FreeBSD-SA-00:46.screen.asc | screen port contains local root compromise | 2000-09-13
FreeBSD-SA-00:45.esound.asc | esound port allows file permissions to be modified | 2000-08-31
FreeBSD-SA-00:44.xlock.asc | xlockmore port allows reading of password file | 2000-08-28
FreeBSD-SA-00:43.brouted.asc | brouted port allows gid kmem compromise | 2000-08-28
FreeBSD-SA-00:42.linux.asc | Linux binary compatibility mode can cause system compromise | 2000-08-28
FreeBSD-SA-00:41.elf.asc | Malformed ELF images can cause a system hang | 2000-08-28
FreeBSD-SA-00:40.mopd.asc | mopd port allows remote root compromise | 2000-08-28
FreeBSD-SA-00:39.netscape.asc | Two vulnerabilities in Netscape | 2000-08-28
FreeBSD-SA-00:38.zope.asc | zope port allows remote modification of DTML documents | 2000-08-14
FreeBSD-SA-00:37.cvsweb.asc | cvsweb allows increased access to CVS committers | 2000-08-14
FreeBSD-SA-00:36.ntop.asc | ntop port allows remote and minor local compromise | 2000-08-14
FreeBSD-SA-00:35.proftpd.asc | proftpd port contains remote root compromise | 2000-08-14
FreeBSD-SA-00:34.dhclient.asc | dhclient vulnerable to malicious dhcp server | 2000-08-14
FreeBSD-SA-00:33.kerberosIV.asc | kerberosIV distribution contains multiple vulnerabilities | 2000-07-12
FreeBSD-SA-00:32.bitchx.asc | bitchx port contains client-side vulnerability | 2000-07-05
FreeBSD-SA-00:31.canna.asc | Canna port contains remote vulnerability [REVISED] | 2000-07-05
FreeBSD-SA-00:30.openssh.asc | OpenSSH UseLogin directive permits remote root access | 2000-07-05
FreeBSD-SA-00:29.wu-ftpd.asc | wu-ftpd port contains remote root compromise [REVISED] | 2000-07-05
FreeBSD-SA-00:28.majordomo.asc | majordomo is not safe to run on multi-user machines | 2000-07-05
FreeBSD-SA-00:27.XFree86-4.asc | XFree86-4.0 port contains local root overflow | 2000-07-05
FreeBSD-SA-00:26.popper.asc | popper port contains remote vulnerability [REVISED] | 2000-07-05
FreeBSD-SA-00:24.libedit.asc | libedit reads config file from current directory | 2000-07-05
FreeBSD-SA-00:23.ipopt.asc | Remote denial-of-service in IP stack [REVISED] | 2000-06-19
FreeBSD-SA-00:25.alpha-random.asc | FreeBSD/Alpha platform lacks kernel pseudo-random number | 2000-06-12
FreeBSD-SA-00:22.apsfilter.asc | apsfilter allows users to execute arbitrary commands as | 2000-06-07
FreeBSD-SA-00:21.ssh.asc | ssh port listens on extra network port [REVISED] | 2000-06-07
FreeBSD-SA-00:20.krb5.asc | krb5 port contains remote and local root exploits. | 2000-05-26
FreeBSD-SA-00:19.semconfig.asc | local users can prevent all processes from exiting | 2000-05-23
FreeBSD-SA-00:18.gnapster.knapster.asc | gnapster/knapster ports allows remote users to view local files | 2000-05-09
FreeBSD-SA-00:17.libmytinfo.asc | Buffer overflow in libmytinfo may yield increased | 2000-05-09
FreeBSD-SA-00:16.golddig.asc | golddig port allows users to overwrite local files | 2000-05-09
FreeBSD-SA-00:15.imap-uw.asc | imap-uw allows local users to deny service to any mailbox | 2000-04-24
FreeBSD-SA-00:14.imap-uw.asc | imap-uw contains security vulnerabilities for "closed" | 2000-04-24
FreeBSD-SA-00:13.generic-nqs.asc | generic-nqs contains a local root compromise | 2000-04-19
FreeBSD-SA-00:12.healthd.asc | healthd allows a local root compromise | 2000-04-10
FreeBSD-SA-00:11.ircii.asc | ircII port contains a remote overflow | 2000-04-10
FreeBSD-SA-00:10.orville-write.asc | orville-write port contains local root compromise. | 2000-03-15
FreeBSD-SA-00:09.mtr.asc | mtr port contains a local root exploit. | 2000-03-15
FreeBSD-SA-00:08.lynx.asc | Lynx ports contain numerous buffer overflows | 2000-03-15
FreeBSD-SA-00:07.mh.asc | mh/nmh/exmh/exmh2 ports allow remote execution of binary code | 2000-03-15
FreeBSD-SA-00:06.htdig.asc | htdig port allows remote reading of files | 2000-03-01
FreeBSD-SA-00:05.mysql.asc | MySQL allows bypassing of password authentication | 2000-02-28
FreeBSD-SA-00:04.delegate.asc | Delegate port contains numerous buffer overflows | 2000-02-19
FreeBSD-SA-00:03.asmon.asc | Asmon/Ascpu ports fail to drop privileges | 2000-02-19
FreeBSD-SA-00:02.procfs.asc | Old procfs hole incompletely filled | 2000-01-24
FreeBSD-SA-00:01.make.asc | Insecure temporary file handling in make(1) | 2000-01-19

1999

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-99:06.amd.asc | remote amd attack | 1999-09-16
FreeBSD-SA-99:05.fts.asc | fts library routine vulnerability | 1999-09-15
FreeBSD-SA-99:04.core.asc | Coredumps and symbolic links | 1999-09-15
FreeBSD-SA-99:03.ftpd.asc | Three ftp daemons in ports vulnerable to attack. | 1999-09-05
FreeBSD-SA-99:02.profil.asc | Profiling Across Exec Calls | 1999-09-04
FreeBSD-SA-99:01.chflags.asc | BSD File Flags and Programming Techniques | 1999-09-04

1998

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-98:08.fragment.asc | IP fragmentation denial of service | 1998-11-04
FreeBSD-SA-98:07.rst.asc | TCP RST denial of service | 1998-10-13
FreeBSD-SA-98:06.icmp.asc | smurf attack | 1998-06-10
FreeBSD-SA-98:05.nfs.asc | system crash with NFS | 1998-06-04
FreeBSD-SA-98:04.mmap.asc | security compromise via mmap | 1998-06-02
FreeBSD-SA-98:03.ttcp.asc | Problems with TTCP | 1998-05-14, revised at 1998-05-18
FreeBSD-SA-98:02.mmap.asc | security compromise via mmap | 1998-03-12

1997

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-97:06.f00f.asc | Pentium processors have flaw allowing unprivileged crashes | 1997-12-09
FreeBSD-SA-98:01.land.asc | LAND attack can cause harm to running FreeBSD systems | 1997-12-01
FreeBSD-SA-97:05.open.asc | security compromise via open() | 1997-10-29
FreeBSD-SA-97:04.procfs.asc | security compromise via procfs | 1997-08-19
FreeBSD-SA-97:03.sysinstall.asc | sysinstall bug | 1997-04-07
FreeBSD-SA-97:02.lpd.asc | Buffer overflow in lpd | 1997-03-26
FreeBSD-SA-97:01.setlocale.asc | setlocale() bug in all released versions of FreeBSD | 1997-02-05
FreeBSD-SA-96:21.talkd.asc | unauthorized access via buffer overrun in talkd | 1997-01-18

1996

filename | Topic | Announced Date (yyyy-mm-dd)
FreeBSD-SA-96:20.stack-overflow.asc | unauthorized access via buffer overruns | 1996-12-16
FreeBSD-SA-96:19.modstat.asc | Buffer overflow in modstat | 1996-12-10
FreeBSD-SA-96:18.lpr.asc | Buffer overflow in lpr (revised) | 1996-11-25
FreeBSD-SA-96:17.rzsz.asc | "Trojan Horse" vulnerability via rz program | 1996-07-16
FreeBSD-SA-96:16.rdist.asc | security vulnerability in rdist | 1996-07-12
FreeBSD-SA-96:15.ppp.asc | security compromise from ppp | 1996-07-04
FreeBSD-SA-96:12.perl.asc | security compromise from perl (suidperl) utility | 1996-06-28
FreeBSD-SA-96:14.ipfw.asc | Firewall filter leak with user level ipfw | 1996-06-24
FreeBSD-SA-96:13.comsat.asc | unauthorized mail reading via comsat | 1996-06-05
FreeBSD-SA-96:11.man.asc | security compromise from man page utility | 1996-05-21
FreeBSD-SA-96:10.mount_union.asc | system stability compromise via mount_union program | 1996-05-17
FreeBSD-SA-96:09.vfsload.asc | unauthorized access via mount_union / mount_msdos (vfsload) | 1996-05-17
FreeBSD-SA-96:02.apache.asc | apache httpd meta-character escaping | 1996-04-22
FreeBSD-SA-96:08.syslog.asc | syslog vulnerability | 1996-04-21
FreeBSD-SA-96:01.sliplogin.asc | sliplogin unauthorized access vulnerability | 1996-04-21
FreeBSD-SA-96:03.sendmail-suggestion.asc | *suggested action only* sendmail smrsh now available | 1996-04-20

Security Notices

FreeBSD-SN-03:02.asc - security issue in SETI@home client
FreeBSD-SN-03:01.asc - security issue in samba port

FreeBSD-SN-02:06.asc - security issues in port
FreeBSD-SN-02:05.asc - security issues in port
FreeBSD-SN-02:04.asc - security issues in port
FreeBSD-SN-02:03.asc - security issues in port
FreeBSD-SN-02:02.asc - security issues in port
FreeBSD-SN-02:01.asc - security issues in port



For questions or comments, please send mail to: webmaster@svbug.com

svbug.com © 30-Apr-2006