From f6c704ac0d141b2153842d0636996f3d50cd17c6 Mon Sep 17 00:00:00 2001 From: wxs Date: Mon, 30 Jan 2012 03:03:39 +0000 Subject: Document missing FreeBSD Security Advisories: - SA-11:01.mountd - SA-11:04.compress - SA-11:09.pam_ssh - SA-11:10.pam Modify existing entries to document (add/adjust modified tag for all): - SA-11:06.bind - Add FreeBSD package and freebsdsa - SA-11:07.chroot - Add FreeBSD package - SA-11:08.telnetd - Add FreeBSD package, freebsdsa and a relevant URL --- security/vuxml/vuln.xml | 197 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 195 insertions(+), 2 deletions(-) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d514186870b2..681dde48db8f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -47,6 +47,173 @@ Note: Please add new entries to the beginning of this file. --> + + FreeBSD -- pam_ssh() does not validate service names + + + FreeBSD + 7.37.3_9 + 7.47.4_5 + 8.18.1_7 + 8.28.2_5 + + + + +
+

Problem Description:

+

Some third-party applications, including KDE's kcheckpass command, + allow the user to specify the name of the policy on the command line. + Since OpenPAM treats the policy name as a path relative to /etc/pam.d + or /usr/local/etc/pam.d, users who are permitted to run such an + application can craft their own policies and cause the application + to load and execute their own modules.

+
+ +
+ + SA-11:10.pam + CVE-2011-4122 + + + 2011-12-23 + 2012-01-29 + +
+ + + FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys + + + FreeBSD + 7.37.3_9 + 7.47.4_5 + 8.18.1_7 + 8.28.2_5 + + + + +
+

Problem Description:

+

The OpenSSL library call used to decrypt private keys ignores the + passphrase argument if the key is not encrypted. Because the pam_ssh + module only checks whether the passphrase provided by the user is + null, users with unencrypted SSH private keys may successfully + authenticate themselves by providing a dummy passphrase.

+
+ +
+ + SA-11:09.pam_ssh + + + 2012-12-23 + 2012-01-29 + +
+ + + FreeBSD -- Buffer overflow in handling of UNIX socket addresses + + + FreeBSD + 7.37.3_8 + 7.47.4_4 + 8.18.1_6 + 8.28.2_4 + + + + +
+

Problem Description:

+

When a UNIX-domain socket is attached to a location using the + bind(2) system call, the length of the provided path is not + validated. Later, when this address was returned via other system + calls, it is copied into a fixed-length buffer.

+

Linux uses a larger socket address structure for UNIX-domain sockets + than FreeBSD, and the FreeBSD's linux emulation code did not translate + UNIX-domain socket addresses into the correct size of structure.

+
+ +
+ + SA-11:05.unix + + + 2011-09-28 + 2012-01-29 + +
+ + + FreeBSD -- Errors handling corrupt compress file in compress(1) and gzip(1) + + + FreeBSD + 7.37.3_7 + 7.47.4_3 + 8.18.1_5 + 8.28.2_3 + + + + +
+

Problem Description:

+

The code used to decompress a file created by compress(1) does not + do sufficient boundary checks on compressed code words, allowing + reference beyond the decompression table, which may result in a stack + overflow or an infinite loop when the decompressor encounters a + corrupted file.

+
+ +
+ + SA-11:04.compress + CVE-2011-2895 + + + 2011-09-28 + 2012-01-29 + +
+ + + FreeBSD -- Network ACL mishandling in mountd(8) + + + FreeBSD + 7.37.3_5 + 7.47.4_1 + 8.18.1_3 + 8.28.2_1 + + + + +
+

Problem Description:

+

While parsing the exports(5) table, a network mask in the form of + "-network=netname/prefixlength" results in an incorrect network mask + being computed if the prefix length is not a multiple of 8.

+

For example, specifying the ACL for an export as "-network + 192.0.2.0/23" would result in a netmask of 255.255.127.0 being used + instead of the correct netmask of 255.255.254.0.

+
+ +
+ + SA-11:01.mountd + CVE-2011-1739 + + + 2011-04-20 + 2012-01-29 + +
+ postfixadmin -- Multiple Vulnerabilities @@ -965,6 +1132,13 @@ Note: Please add new entries to the beginning of this file. krb5-appl -- telnetd code execution vulnerability + + FreeBSD + 7.37.3_9 + 7.47.4_5 + 8.18.1_7 + 8.28.2_5 + krb5-appl 1.0.2_1 @@ -981,18 +1155,28 @@ Note: Please add new entries to the beginning of this file. + SA-11:08.telnetd CVE-2011-4862 http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc + http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt 2011-12-23 2011-12-26 + 2012-01-29 proftpd -- arbitrary code execution vulnerability with chroot + + FreeBSD + 7.37.3_9 + 7.47.4_5 + 8.18.1_6 + 8.28.2_5 + proftpd proftpd-mysql @@ -1021,6 +1205,7 @@ Note: Please add new entries to the beginning of this file. 2011-11-30 2011-12-23 + 2012-01-29 @@ -1497,7 +1682,14 @@ Note: Please add new entries to the beginning of this file. BIND -- Remote DOS - + + FreeBSD + 7.37.3_9 + 7.47.4_5 + 8.18.1_7 + 8.28.2_5 + + bind96 9.6.3.1.ESV.R5.1 @@ -1529,6 +1721,7 @@ Note: Please add new entries to the beginning of this file. + SA-11:06.bind CVE-2011-4313 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313 https://www.isc.org/software/bind/advisories/cve-2011-4313 @@ -1536,7 +1729,7 @@ Note: Please add new entries to the beginning of this file. 2011-11-16 2011-11-16 - 2011-11-18 + 2012-01-29 -- cgit
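Review bot: In the first hunk (@@ -47,6 +47,173 @@), the new SA-11:09.pam_ssh entry carries the dates "2012-12-23 2012-01-29", so the first date falls after both the entry date and this commit (30 Jan 2012). The SA-11:10.pam entry added just above it uses 2011-12-23, which is presumably what was meant here. In the same hunk the SA-11:10.pam entry is titled "pam_ssh() does not validate service names", yet its description is about OpenPAM resolving a policy name as a path and never mentions pam_ssh; the title looks carried over from the neighbouring pam_ssh entry and should be checked against the advisory. The hunk also adds an SA-11:05.unix entry that the commit message does not list among the newly documented advisories, so either the message or the entry list needs updating.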
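Review bot: In the proftpd entry of the @@ -981,18 +1155,28 @@ hunk, the added FreeBSD ranges read "7.37.3_9 7.47.4_5 8.18.1_6 8.28.2_5", so the 8.1 range ends at 8.1_6 where the telnetd and BIND entries touched by this same patch pair identical 7.3_9, 7.4_5 and 8.2_5 bounds with 8.1_7. Please check the 8.1 value against SA-11:07.chroot and correct it if 8.1_7 was intended. The entry also gains no SA-11:07.chroot reference, unlike the SA-11:08.telnetd and SA-11:06.bind references added elsewhere in the patch; that matches the commit message, but adding the freebsdsa reference would tie the new FreeBSD range to its advisory.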