diff options
| author | brd <brd@FreeBSD.org> | 2014-09-11 22:09:43 +0800 |
|---|---|---|
| committer | brd <brd@FreeBSD.org> | 2014-09-11 22:09:43 +0800 |
| commit | faef895646f9e4a5e752a43a9e1a1360c21f8682 (patch) | |
| tree | f942b1d10e423e5bb5112327ba7607c74172e914 | |
| parent | 049ac53bd62ba17f8f27898bcb4c16f53dc950dc (diff) | |
| download | freebsd-ports-gnome-faef895646f9e4a5e752a43a9e1a1360c21f8682.tar.gz freebsd-ports-gnome-faef895646f9e4a5e752a43a9e1a1360c21f8682.tar.zst freebsd-ports-gnome-faef895646f9e4a5e752a43a9e1a1360c21f8682.zip | |
Document CVE-2014-5284 affecting security/ossec-hids-* < 2.8.1.
Reviewed by: zi@
| -rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a73e5546a25e..1c0c70da3db2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,38 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="36858e78-3963-11e4-ad84-000c29f6ae42"> + <topic>security/ossec-hids-* -- root escalation via temp files</topic> + <affects> + <package> + <name>ossec-hids-server</name> + <name>ossec-hids-client</name> + <name>ossec-hids-local</name> + <range><lt>2.8.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>OSSEC reports:</p> + <blockquote cite="http://www.ossec.net/?p=1135"> + <p>This correction will create the temp file for the hosts deny file + in /var/ossec and will use mktemp where available to create + NON-predictable temp file name. In cases where mktemp is not + available we have written a BAD version of mktemp, but should be a + little better then just process id.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-5284</cvename> + <url>http://www.ossec.net/?p=1135</url> + </references> + <dates> + <discovery>2014-09-09</discovery> + <entry>2014-09-11</entry> + </dates> + </vuln> + <vuln vid="36a415c8-3867-11e4-b522-00262d5ed8ee"> <topic>www/chromium -- multiple vulnerabilities</topic> <affects> |