author | Jacques Vidrine <nectar@FreeBSD.org> | 2004-02-12 14:23:48 +0000
---|---|---
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2004-02-12 14:23:48 +0000
commit | b73c2468c353bc8fc01082f2e8eacdcfb7b14197 (patch) |
tree | 0155da473b7f2d35cf6b2e271b68525c7e2ec664 /security/vuxml/vuln.xml |
parent | 017e891a43b4010d1c3029a50c0d07681ecf93c4 (diff) |
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 481 |
1 files changed, 481 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml new file mode 100644 index 000000000000..67041da3e9ac --- /dev/null +++ b/security/vuxml/vuln.xml 
@@ -0,0 +1,481 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!-- +Copyright 2003, 2004 Jacques Vidrine and contributors + +Redistribution and use in source (VuXML) and 'compiled' forms (SGML, +HTML, PDF, PostScript, RTF and so forth) with or without modification, +are permitted provided that the following conditions are met: +1. Redistributions of source code (VuXML) must retain the above + copyright notice, this list of conditions and the following + disclaimer as the first lines of this file unmodified. +2. Redistributions in compiled form (transformed to other DTDs, + published online in any format, converted to PDF, PostScript, + RTF and other formats) must reproduce the above copyright + notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + +THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT +OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +--> +<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.0//EN" + "http://www.vuxml.org/dtd/vuxml-1/vuxml-10.dtd"> +<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + + <vuln vid="67c05283-5d62-11d8-80e3-0020ed76ef5a"> + <topic>Buffer overflow in Mutt 1.4</topic> + <affects> + <package> + <name>mutt</name> + <name>ja-mutt</name> + <range><ge>1.4</ge><lt>1.4.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mutt 1.4 contains a buffer overflow that could be exploited + with a specially formed message, causing Mutt to crash or + possibly execute arbitrary code.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0078</cvename> + <url>http://www.mutt.org/news.html</url> + </references> + <dates> + <discovery>2004/02/11</discovery> + <entry>2004/02/12</entry> + </dates> + </vuln> + + <vuln vid="7557a2b1-5d63-11d8-80e3-0020ed76ef5a"> + <topic>Apache-SSL optional client certificate vulnerability</topic> + <affects> + <package> + <name>apache+ssl</name> + <range><lt>1.3.29.1.53</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>From the Apache-SSL security advisory:</p> + <blockquote> + If configured with SSLVerifyClient set to 1 or 3 (client + certificates optional) and SSLFakeBasicAuth, Apache-SSL + 1.3.28+1.52 and all earlier versions would permit a + client to use real basic authentication to forge a client + certificate. + + All the attacker needed is the "one-line DN" of a valid + user, as used by faked basic auth in Apache-SSL, and the + fixed password ("password" by default). 
+ </blockquote> + </body> + </description> + <references> + <url>http://www.apache-ssl.org/advisory-20040206.txt</url> + </references> + <dates> + <discovery>2004/02/06</discovery> + <entry>2004/02/10</entry> + </dates> + </vuln> + + <vuln vid="96ba2dae-4ab0-11d8-96f2-0020ed76ef5a"> + <topic>L2TP, ISAKMP, and RADIUS parsing vulnerabilities in + tcpdump</topic> + <affects> + <package> + <name>tcpdump</name> + <range><lt>3.8.1_351</lt></range> + </package> + <system> + <name>FreeBSD</name> + <range><lt>5.2.1</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jonathan Heusser discovered vulnerabilities in tcpdump's + L2TP, ISAKMP, and RADIUS protocol handlers. These + vulnerabilities may be used by an attacker to crash a running + `tcpdump' process.</p> + </body> + </description> + <references> + <cvename>CAN-2003-0989</cvename> + <cvename>CAN-2003-1029</cvename> + <cvename>CAN-2004-0057</cvename> + <url>http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107228187124962&w=2</url> + <url>http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2</url> + </references> + <dates> + <discovery>2003-12-24</discovery> + <entry>2004-01-19</entry> + </dates> + </vuln> + + <vuln vid="20be2982-4aae-11d8-96f2-0020ed76ef5a"> + <topic>fsp buffer overflow and directory traversal vulnerabilities</topic> + <affects> + <package> + <name>fspd</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The <a href="http://www.debian.org/security">Debian + security team</a> reported a pair of vulnerabilities in + fsp:</p> + <blockquote cite="http://www.debian.org/security/2004/dsa-416"> + <p>A vulnerability was discovered in fsp, client utilities + for File Service Protocol (FSP), whereby a remote user could + both escape from the FSP root directory (CAN-2003-1022), and + also overflow a fixed-length buffer to execute arbitrary + code (CAN-2004-0011).</p> + 
</blockquote> + </body> + </description> + <references> + <cvename>CAN-2003-1022</cvename> + <cvename>CAN-2004-0011</cvename> + <url>http://www.debian.org/security/2004/dsa-416</url> + </references> + <dates> + <discovery>2004-01-06</discovery> + <entry>2004-01-19</entry> + </dates> + </vuln> + + <vuln vid="fd376b8b-41e1-11d8-b096-0020ed76ef5a"> + <topic>Buffer overflow in INN control message handling</topic> + <affects> + <package> + <name>inn</name> + <range><lt>2.4.1</lt></range> + </package> + <package> + <name>inn-stable</name> + <range><lt>20031022_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A small, fixed-size stack buffer is used to construct a + filename based on a received control message. This could + result in a stack buffer overflow.</p> + </body> + </description> + <references> + <url>http://lists.litech.org/pipermail/inn-workers/2004q1/002763.html</url> + </references> + <dates> + <discovery>2004-01-07</discovery> + <entry>2004-01-08</entry> + </dates> + </vuln> + + <vuln vid="cf0fb426-3f96-11d8-b096-0020ed76ef5a"> + <topic>ProFTPD ASCII translation bug resulting in remote root + compromise</topic> + <affects> + <package> + <name>proftpd</name> + <range><lt>1.2.8_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A buffer overflow exists in the ProFTPD code that handles + translation of newline characters during ASCII-mode file + uploads. 
An attacker may exploit this buffer overflow by + uploading a specially crafted file, resulting in code + execution and ultimately a remote root compromise.</p> + </body> + </description> + <references> + <url>http://xforce.iss.net/xforce/alerts/id/154</url> + <cvename>CAN-2003-0831</cvename> + </references> + <dates> + <discovery>2003-09-23</discovery> + <entry>2004-01-05</entry> + </dates> + </vuln> + <vuln vid="f04cc5cb-2d0b-11d8-beaf-000a95c4d922"> + <topic>bind8 negative cache poison attack</topic> + <affects> + <package> + <name>bind</name> + <range><ge>8.3</ge><lt>8.3.7</lt></range> + <range><ge>8.4</ge><lt>8.4.3</lt></range> + </package> + <system> + <name>FreeBSD</name> + <range><ge>5.1</ge><lt>5.1p11</lt></range> + <range><ge>5.0</ge><lt>5.0p19</lt></range> + <range><ge>4.9</ge><lt>4.9p1</lt></range> + <range><ge>4.8</ge><lt>4.8p14</lt></range> + <range><ge>4.7</ge><lt>4.7p24</lt></range> + <range><ge>4.6</ge><lt>4.6.2p27</lt></range> + <range><ge>4.5</ge><lt>4.5p37</lt></range> + <range><lt>4.4p47</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A programming error in BIND 8 named can result in a DNS + message being incorrectly cached as a negative response. As + a result, an attacker may arrange for malicious DNS messages + to be delivered to a target name server, and cause that name + server to cache a negative response for some target domain + name. 
The name server would thereafter respond negatively + to legitimate queries for that domain name, resulting in a + denial-of-service for applications that require DNS.</p> + </body> + </description> + <references> + <cvename>CAN-2003-0914</cvename> + <freebsdsa>SA-03:19</freebsdsa> + <certvu>734644</certvu> + </references> + <dates> + <discovery>2003-11-28</discovery> + <entry>2003-12-12</entry> + </dates> + </vuln> + + <vuln vid="81313647-2d03-11d8-9355-0020ed76ef5a"> + <topic>ElGamal sign+encrypt keys created by GnuPG can be + compromised</topic> + <affects> + <package> + <name>gnupg</name> + <range><ge>1.0.2</ge><lt>1.2.3_4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Any ElGamal sign+encrypt keys created by GnuPG contain a + cryptographic weakness that may allow someone to obtain + the private key. <strong>These keys should be considered + unusable and should be revoked.</strong></p> + <p>The following summary was written by Werner Koch, GnuPG + author:</p> + <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html"> + <p>Phong Nguyen identified a severe bug in the way GnuPG + creates and uses ElGamal keys for signing. This is + a significant security failure which can lead to a + compromise of almost all ElGamal keys used for signing. + Note that this is a real world vulnerability which will + reveal your private key within a few seconds.</p> + <p>...</p> + <p>Please <em>take immediate action and revoke your ElGamal + signing keys</em>. Furthermore you should take whatever + measures necessary to limit the damage done for signed or + encrypted documents using that key.</p> + <p>Note that the standard keys as generated by GnuPG (DSA + and ElGamal encryption) as well as RSA keys are NOT + vulnerable. 
Note also that ElGamal signing keys cannot + be generated without the use of a special flag to enable + hidden options and even then overriding a warning message + about this key type. See below for details on how to + identify vulnerable keys.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2003-0971</cvename> + <url>http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html</url> + </references> + <dates> + <discovery>2003-11-27</discovery> + <entry>2003-12-12</entry> + </dates> + </vuln> + + <vuln vid="96fdbf5b-2cfd-11d8-9355-0020ed76ef5a"> + <topic>Mathopd buffer overflow</topic> + <affects> + <package> + <name>mathopd</name> + <range><lt>1.4p2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mathopd contains a buffer overflow in the prepare_reply() + function that may be remotely exploitable.</p> + </body> + </description> + <references> + <url>http://www.mail-archive.com/mathopd%40mathopd.org/msg00136.html</url> + </references> + <dates> + <discovery>2003-12-04</discovery> + <entry>2003-12-12</entry> + </dates> + </vuln> + + <vuln vid="d7af61c8-2cc0-11d8-9355-0020ed76ef5a"> + <topic>lftp HTML parsing vulnerability</topic> + <affects> + <package> + <name>lftp</name> + <range><le>2.6.10</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A buffer overflow exists in lftp which may be triggered when + requesting a directory listing from a malicious server over + HTTP.</p> + </body> + </description> + <references> + <cvename>CAN-2003-0963</cvename> + <url>http://lftp.yar.ru/news.html#2.6.10</url> + </references> + <dates> + <discovery>2003-12-11</discovery> + <entry>2003-12-12</entry> + </dates> + </vuln> + + <vuln vid="af0296be-2455-11d8-82e5-0020ed76ef5a"> + <topic>Fetchmail address parsing vulnerability</topic> + <affects> + <package> + <name>fetchmail</name> + <range><le>6.2.0</le></range> + </package> + 
</affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Fetchmail can be crashed by a malicious email message.</p> + </body> + </description> + <references> + <url>http://security.e-matters.de/advisories/052002.html</url> + </references> + <dates> + <discovery>2003-10-25</discovery> + <entry>2003-10-25</entry> + </dates> + </vuln> + + <vuln vid="2bcd2d24-24ca-11d8-82e5-0020ed76ef5a"> + <topic>Buffer overflow in pam_smb password handling</topic> + <affects> + <package> + <name>pam_smb</name> + <range><lt>1.9.9_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Applications utilizing pam_smb can be compromised by + any user who can enter a password. In many cases, + this is a remote root compromise.</p> + </body> + </description> + <references> + <url>http://www.skynet.ie/~airlied/pam_smb/</url> + <cvename>CAN-2003-0686</cvename> + </references> + <dates> + <discovery>2003-10-25</discovery> + <entry>2003-10-25</entry> + <modified>2003-10-25</modified> + </dates> + </vuln> + + <vuln vid="c4b7badf-24ca-11d8-82e5-0020ed76ef5a"> + <topic>Buffer overflows in libmcrypt</topic> + <affects> + <package> + <name>libmcrypt</name> + <range><lt>2.5.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>libmcrypt does incomplete input validation, leading to + several buffer overflow vuxml. Additionally, + a memory leak is present. 
Both of these problems may be + exploited in a denial-of-service attack.</p> + </body> + </description> + <references> + <url>http://seclists.org/lists/bugtraq/2003/Jan/0022.html</url> + <cvename>CAN-2003-0031</cvename> + <cvename>CAN-2003-0032</cvename> + </references> + <dates> + <discovery>2003-10-25</discovery> + <entry>2003-10-25</entry> + <modified>2003-10-25</modified> + </dates> + </vuln> + + <vuln vid="ebdf65c7-2ca6-11d8-9355-0020ed76ef5a"> + <topic>qpopper format string vulnerability</topic> + <affects> + <package> + <name>qpopper</name> + <range><lt>2.53_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>An authenticated user may trigger a format string + vulnerability present in qpopper's UIDL code, resulting + in arbitrary code execution with group ID `mail' + privileges.</p> + </body> + </description> + <references> + <bid>1241</bid> + <cvename>CVE-2000-0442</cvename> + <url>http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt</url> + </references> + <dates> + <discovery>2000-05-23</discovery> + <entry>2003-12-12</entry> + </dates> + </vuln> + + <vuln vid="42c50e16-5ce8-11d8-80e3-0020ed76ef5a"> + <topic>Vulnerable test port</topic> + <affects> + <package> + <name>vulnerability-test-port</name> + <range><lt>2004.02.12</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>This is a test entry.</p> + </body> + </description> + <references> + <url>http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/</url> + </references> + <dates> + <discovery>2004-02-12</discovery> + <entry>2004-02-12</entry> + </dates> + </vuln> + +</vuxml> |
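Review bot: the libmcrypt description in this hunk reads "several buffer overflow vuxml", which looks like a stray search-and-replace; it should say "several buffer overflow vulnerabilities". Two consistency points in the same hunk: the mutt and apache+ssl entries write their `<dates>` with slashes (`2004/02/11`, `2004/02/06`) while every other entry uses ISO `YYYY-MM-DD`, so settle on the dashed form the rest of the file uses before anything starts comparing these values; and the two marc.theaimsgroup.com `<url>` values in the tcpdump entry show a bare `&` (`...tcpdump-workers&m=...`), which is only well-formed XML if it is written `&amp;` in the source, so confirm that is what the committed file contains. Minor: the apache+ssl `<blockquote>` carries raw text while the other blockquotes wrap their text in `<p>`, which matters if the XHTML body is ever validated against a strict DTD.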