author | Chris Rees <crees@FreeBSD.org> | 2011-09-04 20:15:52 +0000 |
---|---|---|
committer | Chris Rees <crees@FreeBSD.org> | 2011-09-04 20:15:52 +0000 |
commit | 81583d75a7f1cd2a6c97dbf315277ee55685978c (patch) | |
tree | 0a9d15fe630288031162ef07d9facab7f7d911b2 /security/vuxml/vuln.xml | |
parent | 4c70e5fb98011c0bdc25b778ec865b3ec3c8eb23 (diff) | |
download | ports-81583d75a7f1cd2a6c97dbf315277ee55685978c.tar.gz ports-81583d75a7f1cd2a6c97dbf315277ee55685978c.zip |
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2602c44bb4cf..9f1faedfc2a7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e55f948f-d729-11e0-abd1-0017f22d6707"> + <topic>security/cfs -- buffer overflow</topic> + <affects> + <package> + <name>cfs</name> + <range><le>1.4.1_6</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Debian reports:</p> + <blockquote cite="http://www.debian.org/security/2002/dsa-116"> + <p>Zorgon found several buffer overflows in cfsd, a daemon that + pushes encryption services into the Unix(tm) file system. + We are not yet sure if these overflows can successfully be + exploited to gain root access to the machine running the CFS daemon. + However, since cfsd can easily be forced to die, a malicious user + can easily perform a denial of service attack to it.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2002-0351</cvename> + <url>http://www.debian.org/security/2002/dsa-116</url> + </references> + <dates> + <discovery>2002-03-02</discovery> + <entry>2011-09-04</entry> + </dates> + </vuln> + <vuln vid="1b27af46-d6f6-11e0-89a6-080027ef73ec"> <topic>ca_root_nss -- Extraction of unsafe certificates into trust bundle.</topic> <affects> 
@@ -82,8 +113,7 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Heather Adkins, Google's Information Security Manager, reported that Google received</p> - <blockquote - cite="http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html"> + <blockquote cite="http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html"> <p>[...] reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were @@ -94,8 +124,7 @@ Note: Please add new entries to the beginning of this file. </blockquote> <p>VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident:</p> - <blockquote - cite="http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx"> + <blockquote cite="http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx"> <p>On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a @@ -106,8 +135,7 @@ Note: Please add new entries to the beginning of this file. </blockquote> <p>Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they</p> - <blockquote - cite="https://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/"> + <blockquote cite="https://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/"> <p>revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation 
@@ -1578,8 +1606,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Unbound developer reports:</p> - <blockquote - cite="http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt"> + <blockquote cite="http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt"> <p>NLnet Labs was notified of an error in Unbound's code-path for error replies which is triggered under special conditions. The error causes the program to abort.</p> |
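Review bot: In the first hunk (the new cfs entry), the topic reads "security/cfs -- buffer overflow", while the entry just below it starts its topic with the bare package name ("ca_root_nss -- ..."). Suggest "cfs -- buffer overflow" so the topic matches the <name>cfs</name> element and the style of the neighbouring entries. The range <le>1.4.1_6</le> has no lower bound and marks every version up to and including 1.4.1_6 as affected; with a discovery date of 2002-03-02 and an entry date of 2011-09-04, please confirm that 1.4.1_6 really is the last vulnerable version, because this bound decides which installed packages get flagged. The quoted advisory also speaks of "several buffer overflows", so the plural would be more accurate in the topic.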
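Review bot: The remaining hunks (at -82, -94, -106 and -1578) change only whitespace, joining each <blockquote cite="..."> attribute onto the line of its opening tag in the DigiNotar and Unbound entries, and are unrelated to the cfs addition in the first hunk. Suggest moving them to a separate whitespace-only commit, or at least naming them in the commit message, so that the security-relevant addition can be audited on its own and blame history for those entries stays clean. If the joins are there to satisfy a validation or formatting tool, say which one; the resulting lines are much longer than the surrounding wrapped text.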