The read-only flag is not correctly copied when a mbuf buffer reference

is duplicated. When the sendfile system call is used to transmit

data over the loopback interface, this can result in the backing pages

for the transmitted file being modified, causing data corruption.



This data corruption can be exploited by an local attacker to escalate

their privilege by carefully controlling the corruption of system files.

It should be noted that the attacker can corrupt any file they have read

access to.

A backdoor introduced by attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.

Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Due to failure to handle exceptional conditions, a NULL pointer is dereferenced by the FreeBSD kernel allowing to overwrite arbitrary kernel memory. This module exploits the vulnerability to install an agent with root privileges.

This module exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to execute any command as root including a shell, allowing an unprivileged process to elevate its privileges to root.



This update adds OSX 10.6 (Snow Leopard) as supported target.

FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data.



If the system is configured to allow unprivileged users to mount file

systems, it is possible for a local adversary to exploit this

vulnerability and execute code in the context of the kernel.



This update fixs some issues and adds validations pre-explotation.

FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. This update fixs some issues and adds validations pre-explotation.

Exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to e.g. execute any command as root including a shell, allowing an unprivileged process to elevate privileges to root.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data.



If the system is configured to allow unprivileged users to mount file

systems, it is possible for a local adversary to exploit this

vulnerability and execute code in the context of the kernel.

FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel.

FreeBSD is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied data.



An attacker can exploit this vulnerability to run arbitrary code with elevated privileges.