FreeBSD Security Advisory FreeBSD-SA-22:10.aio

submitted 10 November 2022

FreeBSD's aio(4) subsystem implements asynchronous I/O.

II. Problem Description

The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).

The BSD community linklog
Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!

02 December 2022
Help the OpenBSD Foundation Reach Its 2022 Funding Goal  

The OpenBSD Foundation, which is central to funding the OpenBSD project, needs your help to reach its 2022 Fundraising Goal of $300,000.

Authentication gateway with SSH on OpenBSD  

A neat feature in OpenBSD is the program authpf, an authenticating gateway using SSH. Basically, it allows you to dynamically configure the local firewall PF by connecting to or disconnecting from a user account over SSH, either to toggle an IP in a table or to toggle rules through a PF anchor.

01 December 2022
FreeBSD Security Advisory FreeBSD-SA-22:14.heimdal [REVISED]  

Multiple security vulnerabilities have been discovered in the Heimdal implementation of the Kerberos 5 network authentication protocols and KDC.

- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
- CVE-2019-14870 Validate client attributes in protocol-transition
- CVE-2019-14870 Apply forwardable policy in protocol-transition
- CVE-2019-14870 Always lookup impersonate client in DB

FreeBSD Errata Notice FreeBSD-EN-22:28.heimdal  

The patch released with FreeBSD-SA-22:14.heimdal included an inadvertently merged block of code which prevents the KDC from issuing valid tickets.

FreeBSD Security Advisory FreeBSD-SA-22:15.ping  

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response, ping has to reconstruct the IP header, the ICMP header and, if present, a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() function copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.

Running OpenZFS – Choosing Between FreeBSD and Linux  

Age-old discussion: ZFS running on Linux or FreeBSD? We're not going to set out to tell you which operating system you should use. Both choices are excellent — but we’ll lay out how different (or alike) it is to run OpenZFS on either to help anyone on the fence decide which OS to use beneath our favorite filesystem.
