author | Niels Heinen <niels@FreeBSD.org> | 2005-01-10 22:20:50 +0000 |
---|---|---|
committer | Niels Heinen <niels@FreeBSD.org> | 2005-01-10 22:20:50 +0000 |
commit | 7f3b90f3b276cdcbf8d4f275f13750b45e0661bf (patch) | |
tree | 3e3cbbec9af5e6a33f420a160fe60bb974fad048 | |
parent | d1ef7555af5f0d5ce48f1a606ffba6ff17442088 (diff) | |
download | ports-7f3b90f3b276cdcbf8d4f275f13750b45e0661bf.tar.gz ports-7f3b90f3b276cdcbf8d4f275f13750b45e0661bf.zip |
-rw-r--r-- | security/vuxml/vuln.xml | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 63ea6a7a215f..d3ad62f5611d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -32,6 +32,68 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="0cf3480d-5fdf-11d9-b721-00065be4b5b6"> + <topic>helvis -- arbitrary file deletion problem</topic> + <affects> + <package> + <name>ko-helvis</name> + <range><le>1.8h2_1</le></range> + </package> + <package> + <name>helvis</name> + <range><le>1.8h2_1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The setuid root elvprsv utility, used to preserve + recovery helvis files, can be abused by local users to delete + with root privileges.</p> + <p>The problem is that elvprsv deletes files when it thinks they + have become corrupt. When elvprsv is pointed to a normal file then + it will almost always think the file is corrupt and deletes it. + This behavior may be exploited by local attackers to delete critical + files.</p> + </body> + </description> + <references> + <url>http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt</url> + </references> + <dates> + <discovery>2004-11-24</discovery> + <entry>2005-01-10</entry> + </dates> + </vuln> + <vuln vid="bb99f803-5fde-11d9-b721-00065be4b5b6"> + <topic>helvis -- information leak vulnerabilities</topic> + <affects> + <package> + <name>ko-helvis</name> + <range><le>1.8h2_1</le></range> + </package> + <package> + <name>helvis</name> + <range><le>1.8h2_1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Once a recovery file has been preserved by the setuid root elvprsv + utility it is placed in a worldreadable directory with worldreadable + permissions. 
This possibly allows sensitive information to leak.</p> + <p>In addition to this information leak, it is possible for users + to recover files that belong to other users by using elvrec, another + setuid root binary.</p> + </body> + </description> + <references> + <url>http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt</url> + </references> + <dates> + <discovery>2004-11-24</discovery> + <entry>2005-01-10</entry> + </dates> + </vuln> <vuln vid="28ab7ddf-61ab-11d9-a9e7-0001020eed82"> <topic>dillo -- format string vulnerability</topic> <affects> |
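Review bot: The opening paragraph of the first entry (vid 0cf3480d-5fdf-11d9-b721-00065be4b5b6) leaves "delete" without an object: "can be abused by local users to delete with root privileges". Say what gets deleted, for example "to delete arbitrary files with root privileges", so the description matches the topic line. In the second entry, "worldreadable" should read "world-readable" in both places. Both entries use <le>1.8h2_1</le> with no fixed version and cite only issues.txt, so the description should say whether the range is meant to cover every port revision released so far; as written, a reader cannot tell if upgrading is an available remedy.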