Menu

Search for hundreds of thousands of exploits

"FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading"

Author

Exploit author

"Przemyslaw Frasunek"

Platform

Exploit platform

freebsd

Release date

Exploit published date

2001-09-17

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
source: https://www.securityfocus.com/bid/3344/info

FreeBSD is a freely available, open source implementation of the BSD UNIX Operating System. It is developed and maintained by the FreeBSD Project.

It is possible for a user with access to a system via SSH to gain access to privileged information. This problem is caused by a mixture of problems with login capabilities, the FreeBSD OpenSSH port not dropping privileges during part of the login process, and login not dropping privileges at the correct time. A user could make a malicious entry in the .login.conf file in their home directoy, and read files such as the master.passwd file and gain access to encrypted passwords on the system.

This issue does not appear to affect other BSD distributions. 

In a .login.conf entry contained in a home directory, make the following entry if accessing the system via OpenSSH:

default: :copyright=/etc/master.passwd:

or

:welcome=/etc/master.passwd:

Otherwise, if accessing the system via login, make the following entry in a .login.conf:

default: :nologin=/etc/master.passwd:
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-04-06 "pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting" webapps freebsd "Matthew Aberegg"
2020-02-11 "OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution" remote freebsd "Marco Ivaldi"
2019-12-30 "FreeBSD-SA-19:15.mqueuefs - Privilege Escalation" local freebsd "Karsten König"
2019-12-30 "FreeBSD-SA-19:02.fd - Privilege Escalation" local freebsd "Karsten König"
2019-07-10 "FreeBSD 12.0 - 'fd' Local Privilege Escalation" local freebsd gr4yf0x
2016-01-25 "FreeBSD SCTP ICMPv6 - Error Processing" dos freebsd ptsecurity
2015-01-29 "FreeBSD - Multiple Vulnerabilities" dos freebsd "Core Security"
2013-10-04 "FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation" local freebsd CurcolHekerLink
2013-06-26 "FreeBSD 9 - Address Space Manipulation Privilege Escalation (Metasploit)" local freebsd Metasploit
2013-06-21 "FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation" local freebsd Hunger
Release Date Title Type Platform Author
2009-10-08 "FreeBSD 7.2 - VFS/devfs Race Condition" local freebsd "Przemyslaw Frasunek"
2009-10-08 "FreeBSD 6.4 - 'pipeclose()'/'knlist_cleardel()' Race Condition" local freebsd "Przemyslaw Frasunek"
2009-08-24 "FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation" local freebsd "Przemyslaw Frasunek"
2009-08-14 "Linux Kernel 2.x - 'sock_sendpage()' Local Privilege Escalation (4)" local linux "Przemyslaw Frasunek"
2005-06-28 "Solaris 9/10 - 'ld.so' Local Privilege Escalation (2)" local solaris "Przemyslaw Frasunek"
2005-06-28 "Solaris 9/10 - 'ld.so' Local Privilege Escalation (1)" local solaris "Przemyslaw Frasunek"
2005-06-24 "Sun Solaris 10 Traceroute - Multiple Local Buffer Overflow Vulnerabilities" local solaris "Przemyslaw Frasunek"
2003-12-20 "Tcpdump 3.x - L2TP Parser Remote Denial of Service" dos linux "Przemyslaw Frasunek"
2002-04-11 "OpenBSD 2.9/3.0 - Default Crontab Root Command Injection" local openbsd "Przemyslaw Frasunek"
2001-12-18 "ZYXEL Prestige 681 SDSL Router - IP Fragment Reassembly" remote hardware "Przemyslaw Frasunek"
2001-09-17 "FreeBSD 4.3/4.4 - Login Capabilities Privileged File Reading" local freebsd "Przemyslaw Frasunek"
2001-04-21 "Mercury/NLM 1.4 - Buffer Overflow" dos multiple "Przemyslaw Frasunek"
1999-08-31 "Martin Stover Mars NWE 0.99 - Local Buffer Overflow" local linux "Przemyslaw Frasunek" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected