freebsd From Proxmox to FreeBSD: story of a migration By www.osnews.com Published On :: Mon, 04 Nov 2024 14:26:44 +0000 It’s the start of the work week, so for the IT administrators among us, I have another great article by friend of the website, Stefano Marinelli. This article covers migrating a Proxmox-based setup to FreeBSD with bhyve. The load is not particularly high, and the machines have good performance. Suddenly, however, I received a notification: one of the NVMe drives died abruptly, and the server rebooted. ZFS did its job, and everything remained sufficiently secure, but since it’s a leased server and already several years old, I spoke with the client and proposed getting more recent hardware and redoing the setup based on a FreeBSD host. ↫ Stefano Marinelli If you’re interested in moving one of your own setups, or one of your clients’ setups, from Linux to FreeBSD, this is a great place to start and get some ideas, tips, and tricks. Like I said, it’s Monday, and you need to get to work. Full Article FreeBSD
freebsd LXer: FreeBSD To See Better Laptop Support With Investment Backed By AMD, Dell & Framework By www.linuxquestions.org Published On :: Sun, 29 Sep 2024 23:00:53 GMT Published at LXer: Following AMD and FreeBSD Foundation collaborations and the Sovereign Tech Fund making a big investment into FreeBSD, the FreeBSD Foundation and Quantum Leap Research have... Full Article Syndicated Linux News
freebsd LXer: Germany's Sovereign Tech Fund throws cash at FreeBSD and Samba By www.linuxquestions.org Published On :: Wed, 02 Oct 2024 13:45:01 GMT Published at LXer: Germany's Sovereign Tech Fund (STF), which is backed by the Federal Ministry for Economic Affairs and Climate Action, is funding open source work again. This time, the recipients... Full Article Syndicated Linux News
freebsd FreeBSD Security Advisory - FreeBSD-SA-18:13.nfs By packetstormsecurity.com Published On :: Wed, 28 Nov 2018 18:04:28 GMT FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-18:14.bhyve By packetstormsecurity.com Published On :: Thu, 06 Dec 2018 02:19:30 GMT FreeBSD Security Advisory - Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) processing possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root. Full Article
freebsd FreeBSD Intel SYSRET Privilege Escalation By packetstormsecurity.com Published On :: Thu, 07 Mar 2019 02:01:26 GMT This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:03.wpa By packetstormsecurity.com Published On :: Wed, 15 May 2019 15:30:08 GMT FreeBSD Security Advisory - Multiple vulnerabilities exist in the hostapd(8) and wpa_supplicant(8) implementations. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:07.mds By packetstormsecurity.com Published On :: Wed, 15 May 2019 15:47:43 GMT FreeBSD Security Advisory - On some Intel processors utilizing speculative execution a local process may be able to infer stale information from microarchitectural buffers to obtain a memory disclosure. An attacker may be able to read secret data from the kernel or from a process when executing untrusted code (for example, in a web browser). Full Article
freebsd FreeBSD rtld execl() Privilege Escalation By packetstormsecurity.com Published On :: Wed, 22 May 2019 00:51:22 GMT This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution. Full Article
freebsd Linux / FreeBSD TCP-Based Denial Of Service By packetstormsecurity.com Published On :: Tue, 18 Jun 2019 15:50:02 GMT Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed _"SACK Panic_," allows a remotely-triggered kernel panic on recent Linux kernels. There are patches that address most of these vulnerabilities. If patches can not be applied, certain mitigations will be effective. Full Article
freebsd FreeBSD Security Advisory - ntp Authentication Bypass By packetstormsecurity.com Published On :: Mon, 26 Oct 2015 19:32:22 GMT FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:08.rack By packetstormsecurity.com Published On :: Fri, 21 Jun 2019 18:32:22 GMT FreeBSD Security Advisory - While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service. An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:09.iconv By packetstormsecurity.com Published On :: Wed, 03 Jul 2019 18:20:31 GMT FreeBSD Security Advisory - With certain inputs, iconv may write beyond the end of the output buffer. Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library function and the nature of possible attacks will depend on the way in which iconv is used by applications or daemons. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:11.cd_ioctl By packetstormsecurity.com Published On :: Wed, 03 Jul 2019 18:23:20 GMT FreeBSD Security Advisory - To implement one particular ioctl, the Linux emulation code used a special interface present in the cd(4) driver which allows it to copy subchannel information directly to a kernel address. This interface was erroneously made accessible to userland, allowing users with read access to a cd(4) device to arbitrarily overwrite kernel memory when some media is present in the device. A user in the operator group can make use of this interface to gain root privileges on a system with a cd(4) device when some media is present in the device. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:10.ufs By packetstormsecurity.com Published On :: Wed, 03 Jul 2019 18:23:53 GMT FreeBSD Security Advisory - A bug causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. This data can be viewed by any user with read access to the directory. Additionally, a malicious user with write access to a directory can cause up to 254 bytes of kernel stack memory to be exposed. Some amount of the kernel stack is disclosed and written out to the filesystem. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:12.telnet By packetstormsecurity.com Published On :: Wed, 24 Jul 2019 14:02:22 GMT FreeBSD Security Advisory - Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue. These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1). Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:14.freebsd32 By packetstormsecurity.com Published On :: Thu, 25 Jul 2019 11:11:11 GMT FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:15.mqueuefs By packetstormsecurity.com Published On :: Thu, 25 Jul 2019 14:02:22 GMT FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:16.bhyve By packetstormsecurity.com Published On :: Thu, 25 Jul 2019 15:01:22 GMT FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:17.fd By packetstormsecurity.com Published On :: Thu, 25 Jul 2019 16:20:22 GMT FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:18.bzip2 By packetstormsecurity.com Published On :: Tue, 06 Aug 2019 21:16:44 GMT FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:19.mldv2 By packetstormsecurity.com Published On :: Tue, 06 Aug 2019 21:17:10 GMT FreeBSD Security Advisory - The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:20.bsnmp By packetstormsecurity.com Published On :: Tue, 06 Aug 2019 21:17:59 GMT FreeBSD Security Advisory - A function extracting the length from type-length-value encoding is not properly validating the submitted length. A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:21.bhyve By packetstormsecurity.com Published On :: Tue, 06 Aug 2019 21:18:57 GMT FreeBSD Security Advisory - The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:22.mbuf By packetstormsecurity.com Published On :: Wed, 21 Aug 2019 19:34:21 GMT FreeBSD Security Advisory - Due do a missing check in the code of m_pulldown(9) data returned may not be contiguous as requested by the caller. Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS (denial-of-service) attack with certain Ethernet interfaces. At this point it is unknown if any other than the IPv6 code paths can trigger a similar condition. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:23.midi By packetstormsecurity.com Published On :: Wed, 21 Aug 2019 19:35:17 GMT FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:24.mqueuefs By packetstormsecurity.com Published On :: Wed, 21 Aug 2019 19:35:29 GMT FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:23.midi By packetstormsecurity.com Published On :: Thu, 22 Aug 2019 20:20:23 GMT FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:26.mcu By packetstormsecurity.com Published On :: Tue, 12 Nov 2019 21:46:17 GMT FreeBSD Security Advisory - From time to time Intel releases new CPU microcode to address functional issues and security vulnerabilities. Such a release is also known as a Micro Code Update (MCU), and is a component of a broader Intel Platform Update (IPU). FreeBSD distributes CPU microcode via the devcpu-data port and package. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:25.mcepsc By packetstormsecurity.com Published On :: Tue, 12 Nov 2019 21:48:47 GMT FreeBSD Security Advisory - Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host. Full Article
freebsd FreeBSD mqueuefs Privilege Escalation By packetstormsecurity.com Published On :: Mon, 30 Dec 2019 18:31:45 GMT Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs. Full Article
freebsd FreeBSD fd Privilege Escalation By packetstormsecurity.com Published On :: Mon, 30 Dec 2019 18:35:36 GMT Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-20:01.libfetch By packetstormsecurity.com Published On :: Tue, 28 Jan 2020 20:01:11 GMT FreeBSD Security Advisory - A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-20:02.ipsec By packetstormsecurity.com Published On :: Tue, 28 Jan 2020 20:44:44 GMT FreeBSD Security Advisory - A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-20:03.thrmisc By packetstormsecurity.com Published On :: Tue, 28 Jan 2020 22:22:22 GMT FreeBSD Security Advisory - The kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Sensitive kernel data may be disclosed. Full Article
freebsd FreeBSD Security Advisory - FreeBSD-SA-19:13.pts By packetstormsecurity.com Published On :: Thu, 25 Jul 2019 10:11:11 GMT FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail. Full Article
freebsd FreeBSD RTLD Patch By packetstormsecurity.com Published On :: Tue, 01 Dec 2009 20:47:35 GMT This is a quick patch released by FreeBSD to help mitigate the Run-Time Link-Editor (rtld) local root vulnerability discovered in FreeBSD versions 7.x and 8.x. Full Article
freebsd FreeBSD 4.3-RELEASE Released By packetstormsecurity.com Published On :: Tue, 24 Apr 2001 04:36:51 GMT Full Article bsd
freebsd FreeBSD 4.4 Released By packetstormsecurity.com Published On :: Thu, 20 Sep 2001 13:52:56 GMT Full Article bsd
freebsd FreeBSD 4.5 Released By packetstormsecurity.com Published On :: Wed, 30 Jan 2002 21:42:28 GMT Full Article bsd
freebsd FreeBSD 4.6 Released By packetstormsecurity.com Published On :: Mon, 17 Jun 2002 07:20:30 GMT Full Article bsd
freebsd Random Number Bug Blights FreeBSD By packetstormsecurity.com Published On :: Fri, 30 Nov 2007 21:21:25 GMT Full Article bsd
freebsd FreeBSD Bug Grants Local Root Access By packetstormsecurity.com Published On :: Mon, 14 Sep 2009 02:07:55 GMT Full Article bsd
freebsd FreeBSD Bug Gives Untrusted Root Access By packetstormsecurity.com Published On :: Tue, 01 Dec 2009 21:02:11 GMT Full Article bsd
freebsd FreeBSD Project Reveals Servers Were Compromised By packetstormsecurity.com Published On :: Mon, 19 Nov 2012 16:04:03 GMT Full Article headline hacker data loss bsd backdoor
freebsd FreeBSD Abandoning Hardware Randomness By packetstormsecurity.com Published On :: Tue, 10 Dec 2013 05:20:06 GMT Full Article headline flaw bsd nsa cryptography
freebsd Spam-Blasting Malware Infects Thousands Of Linux / FreeBSD Servers By packetstormsecurity.com Published On :: Fri, 01 May 2015 14:20:17 GMT Full Article headline malware linux spam bsd
freebsd Critical FreeBSD Bug Squashed By packetstormsecurity.com Published On :: Fri, 18 Mar 2016 15:38:27 GMT Full Article headline flaw bsd
freebsd Hackers Break Into FreeBSD With Stolen SSH Key By packetstormsecurity.com Published On :: Tue, 20 Nov 2012 16:13:58 GMT Full Article headline hacker bsd ssh backdoor