aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-09-01 04:52:16 +0800
committernectar <nectar@FreeBSD.org>2004-09-01 04:52:16 +0800
commit4f886f72d33b539749f7b36ca8e75ed0359c9915 (patch)
treee65de93be8d19f7d1321fdf93e4a89f745924ac4 /security
parenta1cd9c1f1274ed5127322d8c95306aaecdca4151 (diff)
downloadfreebsd-ports-gnome-4f886f72d33b539749f7b36ca8e75ed0359c9915.tar.gz
freebsd-ports-gnome-4f886f72d33b539749f7b36ca8e75ed0359c9915.tar.zst
freebsd-ports-gnome-4f886f72d33b539749f7b36ca8e75ed0359c9915.zip
Note recent MIT Kerberos 5 vulnerabilities.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml74
1 files changed, 74 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 91f2c57e96fb..dc13b6affe24 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,80 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="86a98b57-fb8e-11d8-9343-000a95bc6fae">
+ <topic>krb5 -- double-free vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>krb5</name>
+ <range><le>1.3.4</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>An advisory published by the MIT Kerberos team says:</p>
+ <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt">
+ <p>The MIT Kerberos 5 implementation's Key Distribution Center
+ (KDC) program contains a double-free vulnerability that
+ potentially allows a remote attacker to execute arbitrary code.
+ Compromise of a KDC host compromises the security of the entire
+ authentication realm served by the KDC. Additionally, double-free
+ vulnerabilities exist in MIT Kerberos 5 library code, making
+ client programs and application servers vulnerable.</p>
+ </blockquote>
+ <p>Double-free vulnerabilities of this type are not believed to be
+ exploitable for code execution on FreeBSD systems. However,
+ the potential for other ill effects may exist.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0642</cvename>
+ <cvename>CAN-2004-0643</cvename>
+ <cvename>CAN-2004-0772</cvename>
+ <certvu>795632</certvu>
+ <certvu>866472</certvu>
+ <certvu>350792</certvu>
+ <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt</url>
+ </references>
+ <dates>
+ <discovery>2004-08-31</discovery>
+ <entry>2004-08-31</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bd60922b-fb8d-11d8-a13e-000a95bc6fae">
+ <topic>krb5 -- ASN.1 decoder denial-of-service vulnerability</topic>
+ <affects>
+ <package>
+ <name>krb5</name>
+ <range><ge>1.2.2</ge><le>1.3.4</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>An advisory published by the MIT Kerberos team says:</p>
+ <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt">
+ <p>The ASN.1 decoder library in the MIT Kerberos 5 distribution
+ is vulnerable to a denial-of-service attack causing an infinite
+ loop in the decoder. The KDC is vulnerable to this attack.</p>
+ <p>An unauthenticated remote attacker can cause a KDC or application
+ server to hang inside an infinite loop.</p>
+ <p>An attacker impersonating a legitimate KDC or application
+ server may cause a client program to hang inside an infinite
+ loop.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0644</cvename>
+ <certvu>550464</certvu>
+ <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt</url>
+ </references>
+ <dates>
+ <discovery>2004-08-31</discovery>
+ <entry>2004-08-31</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ba005226-fb5b-11d8-9837-000c41e2cdad">
<topic>imlib2 -- BMP decoder buffer overflow</topic>
<affects>