diff options
author | nectar <nectar@FreeBSD.org> | 2004-08-27 06:10:50 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2004-08-27 06:10:50 +0800 |
commit | 8328a8d218738b8a0fafdc1d96e0140181de32c9 (patch) | |
tree | 671807387e22d7a9c4832283eb0bcc0020c7deb5 /security | |
parent | 6ac7723173e103911aea1b03fcdfb7c6772692dc (diff) | |
download | freebsd-ports-gnome-8328a8d218738b8a0fafdc1d96e0140181de32c9.tar.gz freebsd-ports-gnome-8328a8d218738b8a0fafdc1d96e0140181de32c9.tar.zst freebsd-ports-gnome-8328a8d218738b8a0fafdc1d96e0140181de32c9.zip |
Note sanitize_path bug in rsync (already referenced in portaudit.txt).
Diffstat (limited to 'security')
-rw-r--r-- | security/portaudit-db/database/portaudit.txt | 1 | ||||
-rw-r--r-- | security/vuxml/vuln.xml | 32 |
2 files changed, 32 insertions, 1 deletions
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt index 4d7f3d8520c0..e22cf32f1fff 100644 --- a/security/portaudit-db/database/portaudit.txt +++ b/security/portaudit-db/database/portaudit.txt @@ -60,7 +60,6 @@ ripmime<1.3.2.3|http://www.osvdb.org/8287 http://secunia.com/advisories/12201 ht {linux-,}opera<7.54|http://www.opera.com/freebsd/changelogs/754/ http://www.greymagic.com/security/advisories/gm008-op/ http://secunia.com/advisories/12233 http://www.osvdb.org/8331|Opera "location" object write access vulnerability|0deed2ce-e6f5-11d8-9a79-000347dd607f putty<0.55|http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.coresecurity.com/common/showdoc.php?idx=417&idxseccion=10 http://www.osvdb.org/8299 http://secunia.com/advisories/12212|modified server can execute commands on the client|4424f4db-e697-11d8-bf04-000c763e9a47 cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10 http://secunia.com/advisories/12251|cfengine authentication heap corruption|f2a1dc8b-ea66-11d8-9440-000347a4fa7d -rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html http://secunia.com/advisories/12294 |security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.html http://xforce.iss.net/xforce/xfdb/16984 http://www.securityfocus.com/bid/10941|Sympa unauthorized list creation|4a160c54-ed46-11d8-81b0-000347a4fa7d phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d {ja-,}phpgroupware<0.9.14.007|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0017 http://www.securityfocus.com/bid/9386 http://www.securityfocus.com/bid/9387 http://xforce.iss.net/xforce/xfdb/13489 http://xforce.iss.net/xforce/xfdb/14846 http://www.osvdb.org/2691 http://www.osvdb.org/6857 http://secunia.com/advisories/10046|phpGroupWare calendar and infolog SQL injection, calendar server side script execution|96fc0f03-ef13-11d8-81b0-000347a4fa7d diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 291dfa6678d1..db76fedbe535 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,38 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2689f4cb-ec4c-11d8-9440-000347a4fa7d"> + <topic>rsync -- path sanitizing vulnerability</topic> + <affects> + <package> + <name>rsync</name> + <range><lt>2.6.2_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>An rsync security advisory reports:</p> + <blockquote cite="http://samba.org/rsync/#security_aug04"> + <p>There is a path-sanitizing bug that affects daemon mode in + all recent rsync versions (including 2.6.2) but only if + chroot is disabled.</p> + </blockquote> + <p>The bug may allow a remote user to access files outside + of an rsync module's configured path with the privileges + configured for that module.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0792</cvename> + <url>http://samba.org/rsync/#security_aug04</url> + <mlist>http://lists.samba.org/archive/rsync-announce/2004/000017.html</mlist> + </references> + <dates> + <discovery>2004-08-12</discovery> + <entry>2004-08-26</entry> + </dates> + </vuln> + <vuln vid="7884d56f-f7a1-11d8-9837-000c41e2cdad"> <topic>gnomevfs --- unsafe URI handling</topic> <affects> |