FreeBSD

Citrix ADC and Gateway Directory Traversal Vulnerability Exploit

Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a directory traversal vulnerability that allows attackers to upload an XML file via newbm.pl and execute system commands.

FreeBSD IOCTL CDIOCREADSUBCHANNELSYSSPACE Local Privilege Escalation Exploit

A bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present, thereby allowing a malicious user in the operator group to gain root privileges.

pfSense system groupmanager Command Execution Exploit

This module exploits a post-authentication vulnerability in pfSense by abusing the system_groupmanager.php page, which allows users to achieve code execution.

FreeBSD atkbd SETFKEY Ioctl Privilege Escalation Exploit Update

Incorrect signedness comparison in the ioctl handler of the atkbd keyboard driver in the FreeBSD kernel can be leveraged by a local unprivileged user to overwrite a portion of the kernel memory, thus allowing the attacker to gain root privileges on the affected system. This update improves the checking of preconditions before launching the attack.

FreeBSD atkbd SETFKEY Ioctl Privilege Escalation Exploit

Incorrect signedness comparison in the ioctl handler of the atkbd keyboard driver in the FreeBSD kernel can be leveraged by a local unprivileged user to overwrite a portion of the kernel memory, thus allowing the attacker to gain root privileges on the affected system.

FreeBSD Sysret Instruction Privilege Escalation Exploit

On Intel CPUs, sysret to non-canonical addresses causes a fault on the sysret instruction itself after the stack pointer is set to the guest value but before the current privilege level (CPL) is changed. FreeBSD is vulnerable to this issue due to insufficient sanity checks when returning from a system call. This module exploits the vulnerability and installs an agent with root privileges.

PHP-CGI Argument Injection Exploit Update

This module exploits an argument injection vulnerability in PHP up to versions 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms.

FreeBSD mount Local Privilege Escalation Exploit

FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel.

RPT exploits ordering improvements

With this update, RPT will prioritize newer exploits when attacking a target.

ProFTPD Telnet IAC Buffer Overflow Exploit

This module exploits a stack overflow vulnerability in ProFTPD in order to install an agent. The vulnerability is within the function pr_netio_telnet_gets(). The issue is triggered when processing specially crafted Telnet IAC packets delivered to the FTP server.