FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

FreeBSD

Entered Topic
2018-02-28 ntp -- multiple vulnerabilities
2017-12-10 FreeBSD -- OpenSSL multiple vulnerabilities
2017-12-06 FreeBSD -- OpenSSL multiple vulnerabilities
FreeBSD -- WPA2 protocol vulnerability
2017-10-03 FreeBSD -- heimdal KDC-REP service name validation vulnerability
FreeBSD -- OpenSSH Denial of Service vulnerability
2017-05-26 FreeBSD -- Multiple vulnerabilities of ntp
2017-01-26 OpenSSL -- multiple vulnerabilities
2017-01-12 BIND -- multiple vulnerabilities
2017-01-11 FreeBSD -- OpenSSH multiple vulnerabilities
2016-12-22 FreeBSD -- Multiple vulnerabilities of ntp
2016-12-06 FreeBSD -- bhyve(8) virtual machine escape
FreeBSD -- link_ntoa(3) buffer overflow
FreeBSD -- Possible login(1) argument injection in telnetd(8)
2016-11-02 BIND -- Remote Denial of Service vulnerability
FreeBSD -- OpenSSL Remote DoS vulnerability
2016-10-29 FreeBSD -- OpenSSH Remote Denial of Service vulnerability
2016-10-10 FreeBSD -- Heap overflow vulnerability in bspatch
FreeBSD -- Multiple libarchive vulnerabilities
FreeBSD -- Multiple portsnap vulnerabilities
2016-09-28 BIND -- Remote Denial of Service vulnerability
2016-09-26 OpenSSL -- multiple vulnerabilities
2016-09-22 OpenSSL -- multiple vulnerabilities
2016-08-11 FreeBSD -- bsnmpd remote denial of service vulnerability
FreeBSD -- Buffer overflow in stdio
FreeBSD -- Denial of service attack against sshd(8)
FreeBSD -- devfs rules not applied by default for jails
FreeBSD -- Heap vulnerability in bspatch
FreeBSD -- iconv(3) NULL pointer dereference and out-of-bounds array access
FreeBSD -- Incorrect error handling in PAM policy parser
FreeBSD -- Insecure default GELI keyfile permissions
FreeBSD -- Insecure default snmpd.config permissions
FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser
FreeBSD -- Multiple ntp vulnerabilities
FreeBSD -- Multiple OpenSSL vulnerabilities
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
FreeBSD -- Remote command execution in ftp(1)
FreeBSD -- routed(8) remote denial of service vulnerability
FreeBSD -- routed(8) remote denial of service vulnerability
FreeBSD -- rpcbind(8) remote denial of service [REVISED]
FreeBSD -- rtsold(8) remote buffer overflow vulnerability
FreeBSD -- sendmail improper close-on-exec flag handling
FreeBSD -- shell injection vulnerability in patch(1)
FreeBSD -- shell injection vulnerability in patch(1)
2016-05-03 OpenSSL -- multiple vulnerabilities
2016-04-27 ntp -- multiple vulnerabilities
2016-03-28 bind -- denial of service vulnerability
bind -- denial of service vulnerability
2016-03-11 openssh -- command injection when X11Forwarding is enabled
2016-01-28 openssl -- multiple vulnerabilities
2016-01-22 bind -- denial of service vulnerability
2016-01-21 ntp -- multiple vulnerabilities
2016-01-18 libarchive -- multiple vulnerabilities
2016-01-14 openssh -- information disclosure
2016-01-08 ntp -- denial of service vulnerability
2015-12-16 bind -- multiple vulnerabilities
2015-12-05 openssl -- multiple vulnerabilities
2015-10-21 ntp -- 13 low- and medium-severity vulnerabilities
2015-09-03 bind -- denial of service vulnerability
2015-08-21 OpenSSH -- PAM vulnerabilities
2015-07-28 bind -- denial of service vulnerability
2015-07-27 OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
2015-07-07 bind -- denial of service vulnerability
2015-06-11 openssl -- multiple vulnerabilities
2015-04-07 ntp -- multiple vulnerabilities
2015-03-19 OpenSSL -- multiple vulnerabilities
2015-02-23 bind -- denial of service vulnerability
2015-01-08 OpenSSL -- multiple vulnerabilities
2015-01-02 file -- multiple vulnerabilities
2014-12-11 bind -- denial of service vulnerability
2014-12-09 unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources
2014-10-15 OpenSSL -- multiple vulnerabilities
2014-08-06 OpenSSL -- multiple vulnerabilities
2014-06-05 OpenSSL -- multiple vulnerabilities
2014-05-03 OpenSSL -- NULL pointer dereference / DoS
2014-04-23 OpenSSL -- Remote Data Injection / DoS
2014-04-11 OpenSSL -- Local Information Disclosure
2014-04-07 OpenSSL -- Remote Information Disclosure
2014-01-14 ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-13 bind -- denial of service vulnerability
2013-09-19 FreeBSD -- Cross-mount links between nullfs(5) mounts
FreeBSD -- Insufficient credential checks in network ioctl(2)
2013-07-26 bind -- denial of service vulnerability
2013-06-18 FreeBSD -- Privilege escalation via mmap
2013-04-29 FreeBSD -- NFS remote denial of service
2013-04-02 FreeBSD -- BIND remote denial of service
FreeBSD -- OpenSSL multiple vulnerabilities
2013-02-21 FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query
FreeBSD -- glob(3) related resource exhaustion
2012-11-24 FreeBSD -- Insufficient message length validation for EAP-TLS messages
FreeBSD -- Linux compatibility layer input validation error
FreeBSD -- Multiple Denial of Service vulnerabilities with named(8)
2012-08-07 FreeBSD -- named(8) DNSSEC validation Denial of Service
2012-06-27 FreeBSD -- Incorrect crypt() hashing
FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)
FreeBSD -- OpenSSL multiple vulnerabilities
FreeBSD -- Privilege escalation when returning from kernel
2012-01-29 FreeBSD -- Buffer overflow in handling of UNIX socket addresses
FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)
FreeBSD -- Network ACL mishandling in mountd(8)
FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys
FreeBSD -- pam_ssh() does not validate service names
2011-12-26 krb5-appl -- telnetd code execution vulnerability
2011-12-23 proftpd -- arbitrary code execution vulnerability with chroot
2011-11-16 BIND -- Remote DOS
2011-06-04 BIND -- Large RRSIG RRsets and Negative Caching DoS
2010-10-24 FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation
FreeBSD -- Improper environment sanitization in rtld(1)
FreeBSD -- Inappropriate directory permissions in freebsd-update(8)
FreeBSD -- Insufficient environment sanitization in jail(8)
FreeBSD -- Integer overflow in bzip2 decompression
FreeBSD -- Lost mbuf flag resulting in data corruption
FreeBSD -- ntpd mode 7 denial of service
FreeBSD -- OPIE off-by-one stack overflow
FreeBSD -- SSL protocol flaw
FreeBSD -- Unvalidated input in nfsclient
FreeBSD -- ZFS ZIL playback with insecure permissions
2009-10-06 FreeBSD -- Devfs / VFS NULL pointer race condition
FreeBSD -- kqueue pipe race conditions
2009-08-01 BIND -- Dynamic update message remote DoS
2009-05-07 FreeBSD -- remotely exploitable crash in OpenSSL
2009-01-05 FreeBSD -- arc4random(9) predictable sequence vulnerability
FreeBSD -- Cross-site request forgery in ftpd(8)
FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability
FreeBSD -- netgraph / bluetooth privilege escalation
2008-09-05 FreeBSD -- amd64 swapgs local privilege escalation
FreeBSD -- nmount(2) local arbitrary code execution
FreeBSD -- Remote kernel panics on IPv6 connections
2008-07-13 FreeBSD -- DNS cache poisoning
2007-08-02 FreeBSD -- Buffer overflow in tcpdump(1)
FreeBSD -- Predictable query ids in named(8)
2007-05-23 FreeBSD -- heap overflow in file(1)
2007-04-28 FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-02-27 bind -- Multiple Denial of Service vulnerabilities
FreeBSD -- Jail rc.d script privilege escalation
FreeBSD -- Kernel memory disclosure in firewire(4)
gtar -- name mangling symlink vulnerability
2007-02-26 OpenSSL -- Multiple problems in crypto(3)
2006-12-19 bind9 -- Denial of Service in named(8)
gzip -- multiple vulnerabilities
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-09-30 openssh -- multiple vulnerabilities
2006-08-23 sppp -- buffer overflow vulnerability
2006-06-14 sendmail -- Incorrect multipart message handling
2006-06-09 smbfs -- chroot escape
ypserv -- Inoperative access controls in ypserv
2006-04-19 FreeBSD -- FPU information disclosure
2006-03-24 ipsec -- reply attack vulnerability
OPIE -- arbitrary password change
sendmail -- race condition vulnerability
2006-03-12 nfs -- remote denial of service
openssh -- remote denial of service
2006-02-14 FreeBSD -- Infinite loop in SACK handling
FreeBSD -- Local kernel memory disclosure
IEEE 802.11 -- buffer overflow
ipfw -- IP fragment denial of service
pf -- IP fragment handling panic
2006-01-27 cpio -- multiple vulnerabilities
cvsbug -- race condition
ee -- temporary file privilege escalation
texindex -- temporary file privilege escalation
2005-10-12 openssl -- potential SSL 2.0 rollback
2005-09-03 bind9 -- denial of service
2005-08-05 devfs -- ruleset bypass
ipsec -- Incorrect key usage in AES-XCBC-MAC
zlib -- buffer overflow vulnerability
2005-07-06 zlib -- buffer overflow vulnerability
2005-06-29 bzip2 -- denial of service and permission race vulnerabilities
kernel -- ipfw packet matching errors with address tables
kernel -- TCP connection stall denial of service
2005-06-18 gzip -- directory traversal and permission race vulnerabilities
tcpdump -- infinite loops in protocol decoding
2005-05-13 kernel -- information disclosure when using HTT
2004-11-18 Overflow error in fetch
2004-10-04 Boundary checking errors in syscons
2004-08-17 cvs -- numerous vulnerabilities
tnftpd -- remotely exploitable vulnerability
2004-06-30 Linux binary compatibility mode input validation error
2004-06-07 jailed processes can manipulate host routing tables
2004-05-26 buffer cache invalidation implementation issues
2004-05-19 cvs pserver remote heap buffer overflow
2004-05-05 heimdal kadmind remote heap buffer overflow
2004-04-14 CVS path validation errors
2004-04-07 jailed processes can attach to other jails
many out-of-sequence TCP packets denial-of-service
mksnap_ffs clears file system options
shmat reference counting bug
2004-04-02 Incorrect cross-realm trust handling in Heimdal
2004-03-31 tcpdump ISAKMP payload handling remote denial-of-service
2004-03-29 setsockopt(2) IPv6 sockets input validation error
2004-03-17 OpenSSL ChangeCipherSpec denial-of-service vulnerability
2004-01-19 L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump
2003-12-12 bind8 negative cache poison attack