authornectar <nectar@FreeBSD.org>2004-02-13 03:20:51 +0800
committernectar <nectar@FreeBSD.org>2004-02-13 03:20:51 +0800
commit8f32e696dd929c0025b79503a7b0e6a9ae55e6a2 (patch)
treed8b6e7b86386524d39a5d429395ae39a15a5eb58 /security/vuxml
parent5dc471ce899b4740bca8718084d6456f92ef9d17 (diff)
Update with information garnered from FORBIDDEN tags used in ports
in the accessibility, arabic, archives, astro, audio, benchmarks, biology, cad, and chinese categories.
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml238
1 files changed, 238 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index ad11eb675625..f45843e12ce1 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,244 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"http://www.vuxml.org/dtd/vuxml-1/vuxml-10.dtd">
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0e154a9c-5d7a-11d8-80e3-0020ed76ef5a">
+ <topic>seti@home remotely exploitable buffer overflow</topic>
+ <affects>
+ <package>
+ <name>setiathome</name>
+ <range><lt>3.0.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The seti@home client contains a buffer overflow in the HTTP
+ response handler. A malicious, spoofed seti@home server can
+ exploit this buffer overflow to cause remote code execution
+ on the client. Exploit programs are widely available.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://setiathome.berkeley.edu/version308.html</url>
+ <url>http://web.archive.org/web/20030609204812/http://spoor12.edup.tudelft.nl/</url>
+ </references>
+ <dates>
+ <discovery>2003/04/08</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5e92e8a2-5d7b-11d8-80e3-0020ed76ef5a">
+ <topic>icecast 1.x multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>icecast</name>
+ <range><lt>1.3.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>icecast 1.3.11 and earlier contained numerous security
+ vulnerabilities, the most severe allowing a remote attacker
+ to execute arbitrary code as root.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2002-0177</cvename>
+ <cvename>CAN-2001-1230</cvename>
+ <cvename>CAN-2001-1229</cvename>
+ <cvename>CAN-2001-1083</cvename>
+ <cvename>CAN-2001-0784</cvename>
+ <bid>4415</bid>
+ <bid>2933</bid>
+ </references>
+ <dates>
+ <discovery>2002/04/28</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="83119e27-5d7c-11d8-80e3-0020ed76ef5a">
+ <topic>nap allows arbitrary file access</topic>
+ <affects>
+ <package>
+ <name>nap</name>
+ <range><lt>1.4.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>According to the author:</p>
+ <blockquote>
+ <p>Fixed security loophole which allowed remote
+ clients to access arbitrary files on our
+ system.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://quasar.mathstat.uottawa.ca/~selinger/nap/NEWS</url>
+ </references>
+ <dates>
+ <discovery>2001/04/12</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a736deab-5d7d-11d8-80e3-0020ed76ef5a">
+ <topic>CCE contains exploitable buffer overflows</topic>
+ <affects>
+ <package>
+ <name>zh-cce</name>
+ <range><lt>0.40</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Chinese Console Environment contains exploitable buffer
+ overflows.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://programmer.lib.sjtu.edu.cn/cce/cce.html</url>
+ </references>
+ <dates>
+ <discovery>2000/06/22</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="49ad1bf8-5d7e-11d8-80e3-0020ed76ef5a">
+ <topic>ChiTeX/ChiLaTeX unsafe set-user-id root</topic>
+ <affects>
+ <package>
+ <name>zh-chitex</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Niels Heinen reports that ChiTeX installs set-user-id root
+ executables that invoked system(3) without setting up the
+ environment, trivially allowing local root compromise.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://cvsweb.freebsd.org/ports/chinese/chitex/Attic/Makefile?rev=1.5&amp;content-type=text/x-cvsweb-markup</url>
+ </references>
+ <dates>
+ <discovery>2003/04/25</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5789a92e-5d7f-11d8-80e3-0020ed76ef5a">
+ <topic>pine remotely exploitable buffer overflow in newmail.c</topic>
+ <affects>
+ <package>
+ <name>zh-pine</name>
+ <name>iw-pine</name>
+ <name>pine</name>
+ <name>pine4-ssl</name>
+ <range><le>4.21</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Kris Kennaway reports a remotely exploitable buffer overflow
+ in newmail.c. Mike Silbersack submitted the fix.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/pine4/Makefile?rev=1.43&amp;content-type=text/x-cvsweb-markup</url>
+ </references>
+ <dates>
+ <discovery>2000/09/29</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="34134fd4-5d81-11d8-80e3-0020ed76ef5a">
+ <topic>pine insecure URL handling</topic>
+ <affects>
+ <package>
+ <name>pine</name>
+ <name>zh-pine</name>
+ <name>iw-pine</name>
+ <range><lt>4.44</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>An attacker may send an email message containing a specially
+ constructed URL that will execute arbitrary commands when
+ viewed.</p>
+ </body>
+ </description>
+ <references>
+ <freebsdsa>SA-02:05</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2002/01/04</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5abfee2d-5d82-11d8-80e3-0020ed76ef5a">
+ <topic>pine remote denial-of-service attack</topic>
+ <affects>
+ <package>
+ <name>pine</name>
+ <name>zh-pine</name>
+ <name>iw-pine</name>
+ <range><lt>4.50</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>An attacker may send a specially-formatted email message
+ that will cause pine to crash.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=103668430620531&amp;w=2</url>
+ <cvename>CAN-2002-1320</cvename>
+ </references>
+ <dates>
+ <discovery>2002/10/23</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="39bd57e6-5d83-11d8-80e3-0020ed76ef5a">
+ <topic>pine remotely exploitable vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>pine</name>
+ <name>zh-pine</name>
+ <name>iw-pine</name>
+ <range><lt>4.58</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Pine versions prior to 4.58 are affected by two
+ vulnerabilities discovered by iDEFENSE, a buffer overflow
+ in mailview.c and an integer overflow in strings.c. Both
+ vulnerabilities can result in arbitrary code execution
+ when processing a malicious message.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2003-0720</cvename>
+ <cvename>CAN-2003-0721</cvename>
+ <url>http://www.idefense.com/application/poi/display?id=5</url>
+ </references>
+ <dates>
+ <discovery>2003/09/10</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5729b8ed-5d75-11d8-80e3-0020ed76ef5a">
<topic>rsync buffer overflow in server mode</topic>
<affects>
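Review bot: The package lists in the pine entries are inconsistent. The "pine remotely exploitable buffer overflow in newmail.c" entry names `pine4-ssl`, but the three entries after it ("pine insecure URL handling", "pine remote denial-of-service attack", "pine remotely exploitable vulnerabilities") list only `pine`, `zh-pine` and `iw-pine`. If the SSL build shares the affected source, which this hunk does not show, audit tooling that matches installed packages against this file would not flag an installed pine4-ssl for those three issues. I would add `<name>pine4-ssl</name>` to each of those `<package>` blocks, or add a short XML comment explaining why that port is excluded. The trailing context lines belong to the rsync entry, which continues outside the hunk.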