authorJacques Vidrine <nectar@FreeBSD.org>2004-02-12 14:23:48 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2004-02-12 14:23:48 +0000
commitb73c2468c353bc8fc01082f2e8eacdcfb7b14197 (patch)
tree0155da473b7f2d35cf6b2e271b68525c7e2ec664 /security/vuxml/vuln.xml
parent017e891a43b4010d1c3029a50c0d07681ecf93c4 (diff)
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r--security/vuxml/vuln.xml481
1 files changed, 481 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
new file mode 100644
index 000000000000..67041da3e9ac
--- /dev/null
+++ b/security/vuxml/vuln.xml
@@ -0,0 +1,481 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!--
+Copyright 2003, 2004 Jacques Vidrine and contributors
+
+Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
+HTML, PDF, PostScript, RTF and so forth) with or without modification,
+are permitted provided that the following conditions are met:
+1. Redistributions of source code (VuXML) must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer as the first lines of this file unmodified.
+2. Redistributions in compiled form (transformed to other DTDs,
+ published online in any format, converted to PDF, PostScript,
+ RTF and other formats) must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+
+THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+-->
+<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.0//EN"
+ "http://www.vuxml.org/dtd/vuxml-1/vuxml-10.dtd">
+<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+
+ <vuln vid="67c05283-5d62-11d8-80e3-0020ed76ef5a">
+ <topic>Buffer overflow in Mutt 1.4</topic>
+ <affects>
+ <package>
+ <name>mutt</name>
+ <name>ja-mutt</name>
+ <range><ge>1.4</ge><lt>1.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mutt 1.4 contains a buffer overflow that could be exploited
+ with a specially formed message, causing Mutt to crash or
+ possibly execute arbitrary code.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2004-0078</cvename>
+ <url>http://www.mutt.org/news.html</url>
+ </references>
+ <dates>
+ <discovery>2004/02/11</discovery>
+ <entry>2004/02/12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7557a2b1-5d63-11d8-80e3-0020ed76ef5a">
+ <topic>Apache-SSL optional client certificate vulnerability</topic>
+ <affects>
+ <package>
+ <name>apache+ssl</name>
+ <range><lt>1.3.29.1.53</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>From the Apache-SSL security advisory:</p>
+ <blockquote>
+ If configured with SSLVerifyClient set to 1 or 3 (client
+ certificates optional) and SSLFakeBasicAuth, Apache-SSL
+ 1.3.28+1.52 and all earlier versions would permit a
+ client to use real basic authentication to forge a client
+ certificate.
+
+ All the attacker needed is the "one-line DN" of a valid
+ user, as used by faked basic auth in Apache-SSL, and the
+ fixed password ("password" by default).
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.apache-ssl.org/advisory-20040206.txt</url>
+ </references>
+ <dates>
+ <discovery>2004/02/06</discovery>
+ <entry>2004/02/10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="96ba2dae-4ab0-11d8-96f2-0020ed76ef5a">
+ <topic>L2TP, ISAKMP, and RADIUS parsing vulnerabilities in
+ tcpdump</topic>
+ <affects>
+ <package>
+ <name>tcpdump</name>
+ <range><lt>3.8.1_351</lt></range>
+ </package>
+ <system>
+ <name>FreeBSD</name>
+ <range><lt>5.2.1</lt></range>
+ </system>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jonathan Heusser discovered vulnerabilities in tcpdump's
+ L2TP, ISAKMP, and RADIUS protocol handlers. These
+ vulnerabilities may be used by an attacker to crash a running
+ `tcpdump' process.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2003-0989</cvename>
+ <cvename>CAN-2003-1029</cvename>
+ <cvename>CAN-2004-0057</cvename>
+ <url>http://marc.theaimsgroup.com/?l=tcpdump-workers&amp;m=107228187124962&amp;w=2</url>
+ <url>http://marc.theaimsgroup.com/?l=tcpdump-workers&amp;m=107325073018070&amp;w=2</url>
+ </references>
+ <dates>
+ <discovery>2003-12-24</discovery>
+ <entry>2004-01-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="20be2982-4aae-11d8-96f2-0020ed76ef5a">
+ <topic>fsp buffer overflow and directory traversal vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>fspd</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The <a href="http://www.debian.org/security">Debian
+ security team</a> reported a pair of vulnerabilities in
+ fsp:</p>
+ <blockquote cite="http://www.debian.org/security/2004/dsa-416">
+ <p>A vulnerability was discovered in fsp, client utilities
+ for File Service Protocol (FSP), whereby a remote user could
+ both escape from the FSP root directory (CAN-2003-1022), and
+ also overflow a fixed-length buffer to execute arbitrary
+ code (CAN-2004-0011).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2003-1022</cvename>
+ <cvename>CAN-2004-0011</cvename>
+ <url>http://www.debian.org/security/2004/dsa-416</url>
+ </references>
+ <dates>
+ <discovery>2004-01-06</discovery>
+ <entry>2004-01-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="fd376b8b-41e1-11d8-b096-0020ed76ef5a">
+ <topic>Buffer overflow in INN control message handling</topic>
+ <affects>
+ <package>
+ <name>inn</name>
+ <range><lt>2.4.1</lt></range>
+ </package>
+ <package>
+ <name>inn-stable</name>
+ <range><lt>20031022_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A small, fixed-size stack buffer is used to construct a
+ filename based on a received control message. This could
+ result in a stack buffer overflow.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.litech.org/pipermail/inn-workers/2004q1/002763.html</url>
+ </references>
+ <dates>
+ <discovery>2004-01-07</discovery>
+ <entry>2004-01-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cf0fb426-3f96-11d8-b096-0020ed76ef5a">
+ <topic>ProFTPD ASCII translation bug resulting in remote root
+ compromise</topic>
+ <affects>
+ <package>
+ <name>proftpd</name>
+ <range><lt>1.2.8_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A buffer overflow exists in the ProFTPD code that handles
+ translation of newline characters during ASCII-mode file
+ uploads. An attacker may exploit this buffer overflow by
+ uploading a specially crafted file, resulting in code
+ execution and ultimately a remote root compromise.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://xforce.iss.net/xforce/alerts/id/154</url>
+ <cvename>CAN-2003-0831</cvename>
+ </references>
+ <dates>
+ <discovery>2003-09-23</discovery>
+ <entry>2004-01-05</entry>
+ </dates>
+ </vuln>
+ <vuln vid="f04cc5cb-2d0b-11d8-beaf-000a95c4d922">
+ <topic>bind8 negative cache poison attack</topic>
+ <affects>
+ <package>
+ <name>bind</name>
+ <range><ge>8.3</ge><lt>8.3.7</lt></range>
+ <range><ge>8.4</ge><lt>8.4.3</lt></range>
+ </package>
+ <system>
+ <name>FreeBSD</name>
+ <range><ge>5.1</ge><lt>5.1p11</lt></range>
+ <range><ge>5.0</ge><lt>5.0p19</lt></range>
+ <range><ge>4.9</ge><lt>4.9p1</lt></range>
+ <range><ge>4.8</ge><lt>4.8p14</lt></range>
+ <range><ge>4.7</ge><lt>4.7p24</lt></range>
+ <range><ge>4.6</ge><lt>4.6.2p27</lt></range>
+ <range><ge>4.5</ge><lt>4.5p37</lt></range>
+ <range><lt>4.4p47</lt></range>
+ </system>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A programming error in BIND 8 named can result in a DNS
+ message being incorrectly cached as a negative response. As
+ a result, an attacker may arrange for malicious DNS messages
+ to be delivered to a target name server, and cause that name
+ server to cache a negative response for some target domain
+ name. The name server would thereafter respond negatively
+ to legitimate queries for that domain name, resulting in a
+ denial-of-service for applications that require DNS.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2003-0914</cvename>
+ <freebsdsa>SA-03:19</freebsdsa>
+ <certvu>734644</certvu>
+ </references>
+ <dates>
+ <discovery>2003-11-28</discovery>
+ <entry>2003-12-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="81313647-2d03-11d8-9355-0020ed76ef5a">
+ <topic>ElGamal sign+encrypt keys created by GnuPG can be
+ compromised</topic>
+ <affects>
+ <package>
+ <name>gnupg</name>
+ <range><ge>1.0.2</ge><lt>1.2.3_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Any ElGamal sign+encrypt keys created by GnuPG contain a
+ cryptographic weakness that may allow someone to obtain
+ the private key. <strong>These keys should be considered
+ unusable and should be revoked.</strong></p>
+ <p>The following summary was written by Werner Koch, GnuPG
+ author:</p>
+ <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html">
+ <p>Phong Nguyen identified a severe bug in the way GnuPG
+ creates and uses ElGamal keys for signing. This is
+ a significant security failure which can lead to a
+ compromise of almost all ElGamal keys used for signing.
+ Note that this is a real world vulnerability which will
+ reveal your private key within a few seconds.</p>
+ <p>...</p>
+ <p>Please <em>take immediate action and revoke your ElGamal
+ signing keys</em>. Furthermore you should take whatever
+ measures necessary to limit the damage done for signed or
+ encrypted documents using that key.</p>
+ <p>Note that the standard keys as generated by GnuPG (DSA
+ and ElGamal encryption) as well as RSA keys are NOT
+ vulnerable. Note also that ElGamal signing keys cannot
+ be generated without the use of a special flag to enable
+ hidden options and even then overriding a warning message
+ about this key type. See below for details on how to
+ identify vulnerable keys.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2003-0971</cvename>
+ <url>http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html</url>
+ </references>
+ <dates>
+ <discovery>2003-11-27</discovery>
+ <entry>2003-12-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="96fdbf5b-2cfd-11d8-9355-0020ed76ef5a">
+ <topic>Mathopd buffer overflow</topic>
+ <affects>
+ <package>
+ <name>mathopd</name>
+ <range><lt>1.4p2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mathopd contains a buffer overflow in the prepare_reply()
+ function that may be remotely exploitable.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://www.mail-archive.com/mathopd%40mathopd.org/msg00136.html</url>
+ </references>
+ <dates>
+ <discovery>2003-12-04</discovery>
+ <entry>2003-12-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d7af61c8-2cc0-11d8-9355-0020ed76ef5a">
+ <topic>lftp HTML parsing vulnerability</topic>
+ <affects>
+ <package>
+ <name>lftp</name>
+ <range><le>2.6.10</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A buffer overflow exists in lftp which may be triggered when
+ requesting a directory listing from a malicious server over
+ HTTP.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CAN-2003-0963</cvename>
+ <url>http://lftp.yar.ru/news.html#2.6.10</url>
+ </references>
+ <dates>
+ <discovery>2003-12-11</discovery>
+ <entry>2003-12-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="af0296be-2455-11d8-82e5-0020ed76ef5a">
+ <topic>Fetchmail address parsing vulnerability</topic>
+ <affects>
+ <package>
+ <name>fetchmail</name>
+ <range><le>6.2.0</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Fetchmail can be crashed by a malicious email message.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://security.e-matters.de/advisories/052002.html</url>
+ </references>
+ <dates>
+ <discovery>2003-10-25</discovery>
+ <entry>2003-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2bcd2d24-24ca-11d8-82e5-0020ed76ef5a">
+ <topic>Buffer overflow in pam_smb password handling</topic>
+ <affects>
+ <package>
+ <name>pam_smb</name>
+ <range><lt>1.9.9_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Applications utilizing pam_smb can be compromised by
+ any user who can enter a password. In many cases,
+ this is a remote root compromise.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://www.skynet.ie/~airlied/pam_smb/</url>
+ <cvename>CAN-2003-0686</cvename>
+ </references>
+ <dates>
+ <discovery>2003-10-25</discovery>
+ <entry>2003-10-25</entry>
+ <modified>2003-10-25</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="c4b7badf-24ca-11d8-82e5-0020ed76ef5a">
+ <topic>Buffer overflows in libmcrypt</topic>
+ <affects>
+ <package>
+ <name>libmcrypt</name>
+ <range><lt>2.5.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>libmcrypt does incomplete input validation, leading to
+ several buffer overflow vuxml. Additionally,
+ a memory leak is present. Both of these problems may be
+ exploited in a denial-of-service attack.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://seclists.org/lists/bugtraq/2003/Jan/0022.html</url>
+ <cvename>CAN-2003-0031</cvename>
+ <cvename>CAN-2003-0032</cvename>
+ </references>
+ <dates>
+ <discovery>2003-10-25</discovery>
+ <entry>2003-10-25</entry>
+ <modified>2003-10-25</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="ebdf65c7-2ca6-11d8-9355-0020ed76ef5a">
+ <topic>qpopper format string vulnerability</topic>
+ <affects>
+ <package>
+ <name>qpopper</name>
+ <range><lt>2.53_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>An authenticated user may trigger a format string
+ vulnerability present in qpopper's UIDL code, resulting
+ in arbitrary code execution with group ID `mail'
+ privileges.</p>
+ </body>
+ </description>
+ <references>
+ <bid>1241</bid>
+ <cvename>CVE-2000-0442</cvename>
+ <url>http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt</url>
+ </references>
+ <dates>
+ <discovery>2000-05-23</discovery>
+ <entry>2003-12-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="42c50e16-5ce8-11d8-80e3-0020ed76ef5a">
+ <topic>Vulnerable test port</topic>
+ <affects>
+ <package>
+ <name>vulnerability-test-port</name>
+ <range><lt>2004.02.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>This is a test entry.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://cvsweb.freebsd.org/ports/security/vulnerability-test-port/</url>
+ </references>
+ <dates>
+ <discovery>2004-02-12</discovery>
+ <entry>2004-02-12</entry>
+ </dates>
+ </vuln>
+
+</vuxml>
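Review bot: The Mutt entry's `<dates>` block near the top of the file uses slash-separated dates (`2004/02/11`, `2004/02/12`) while every other entry in the hunk uses ISO `YYYY-MM-DD`, so anything that sorts or compares on these fields will treat that entry differently; they should read `<discovery>2004-02-11</discovery>` and `<entry>2004-02-12</entry>`. The libmcrypt description has a stray word — `several buffer overflow vuxml` should be `several buffer overflow vulnerabilities`. The fetchmail and libmcrypt entries carry a `<discovery>` equal to their `<entry>` date of 2003-10-25 even though their references point at a May-2002 e-matters advisory and a January-2003 bugtraq post, so those discovery dates look like placeholders and are worth correcting so the record does not understate how long each issue has been public. As a caveat for consumers, the document declares an external `<!DOCTYPE>` pointing at vuxml.org, so any validation of this file should use a local copy of the DTD rather than resolving it over the network at parse time.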