author | Remko Lodder <remko@FreeBSD.org> | 2006-03-24 12:25:58 +0000 |
---|---|---|
committer | Remko Lodder <remko@FreeBSD.org> | 2006-03-24 12:25:58 +0000 |
commit | f9cee5162f5586a7def5def84c80ab1b9b964ec7 (patch) | |
tree | b1d872aed080c79dd6b01235ed3b69927e0227ab /security/vuxml/vuln.xml | |
parent | 384ebc9da605742e18ff9f4d5b7fae99bc90ba21 (diff) | |
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 35453ccfc87f..600d9c3fbf86 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -34,6 +34,133 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="08ac7b8b-bb30-11da-b2fb-000e0c2e438a"> + <topic>sendmail -- race condition vulnerability</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><ge>6.0</ge><lt>6.0_6</lt></range> + <range><ge>5.4</ge><lt>5.4_13</lt></range> + <range><ge>5.3</ge><lt>5.3_28</lt></range> + <range><ge>4.11</ge><lt>4.11_16</lt></range> + <range><ge>4.10</ge><lt>4.10_22</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>A race condition has been reported to exist in the handling + by sendmail of asynchronous signals.</p> + <h1>Impact</h1> + <p>A remote attacker may be able to execute arbitrary code with + the privileges of the user running sendmail, typically + root.</p> + <h1>Workaround</h1> + <p>There is no known workaround other than disabling + sendmail.</p> + </body> + </description> + <references> + <cvename>CVE-2006-0058</cvename> + <freebsdsa>SA-06:13</freebsdsa> + </references> + <dates> + <discovery>2006-03-22</discovery> + <entry>2006-03-24</entry> + </dates> + </vuln> + + <vuln vid="e93bc5b0-bb2e-11da-b2fb-000e0c2e438a"> + <topic>OPIE -- arbitrary password change</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><ge>6.0</ge><lt>6.0_6</lt></range> + <range><ge>5.4</ge><lt>5.4_13</lt></range> + <range><ge>5.3</ge><lt>5.3_28</lt></range> + <range><ge>4.11</ge><lt>4.11_16</lt></range> + <range><ge>4.10</ge><lt>4.10_22</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>The opiepasswd(1) program uses getlogin(2) to identify the + user calling opiepasswd(1). In some circumstances + getlogin(2) will return "root" even when running as an + unprivileged user. 
This causes opiepasswd(1) to allow an + unpriviled user to configure OPIE authentication for the root + user.</p> + <h1>Impact</h1> + <p>In certain cases an attacker able to run commands as a non + privileged users which have not explicitly logged in, for + example CGI scripts run by a web server, is able to configure + OPIE access for the root user. If the attacker is able to + authenticate as root using OPIE authentication, for example if + "PermitRootLogin" is set to "yes" in sshd_config or the + attacker has access to a local user in the "wheel" group, the + attacker can gain root privileges.</p> + <h1>Workaround</h1> + <p>Disable OPIE authentication in PAM:</p> + <pre># sed -i "" -e /opie/s/^/#/ /etc/pam.d/*</pre> + <p>or</p> + <p>Remove the setuid bit from opiepasswd:</p> + <pre># chflags noschg /usr/bin/opiepasswd</pre> + <pre># chmod 555 /usr/bin/opiepasswd</pre> + <pre># chflags schg /usr/bin/opiepasswd</pre> + </body> + </description> + <references> + <cvename>CVE-2006-1283</cvename> + <freebsdsa>SA-06:12</freebsdsa> + </references> + <dates> + <discovery>2006-03-22</discovery> + <entry>2006-03-24</entry> + </dates> + </vuln> + + <vuln vid="e50a7476-bb2d-11da-b2fb-000e0c2e438a"> + <topic>ipsec -- reply attack vulnerability</topic> + <affects> + <system> + <name>FreeBSD</name> + <range><ge>6.0</ge><lt>6.0_6</lt></range> + <range><ge>5.4</ge><lt>5.4_13</lt></range> + <range><ge>5.3</ge><lt>5.3_28</lt></range> + <range><ge>4.11</ge><lt>4.11_16</lt></range> + <range><ge>4.10</ge><lt>4.10_22</lt></range> + </system> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>IPsec provides an anti-replay service which when enabled + prevents an attacker from successfully executing a replay + attack. This is done through the verification of sequence + numbers. 
A programming error in the fast_ipsec(4) + implementation results in the sequence number associated with + a Security Association not being updated, allowing packets to + unconditionally pass sequence number verification checks.</p> + <h1>Impact</h1> + <p>An attacker able to to intercept IPSec packets can replay + them. If higher level protocols which do not provide any + protection against packet replays (e.g., UDP) are used, this + may have a variety of effects.</p> + <h1>Workaround</h1> + <p>No workaround is available.</p> + </body> + </description> + <references> + <cvename>CVE-2006-0905</cvename> + <freebsdsa>SA-06:11</freebsdsa> + </references> + <dates> + <discovery>2006-03-22</discovery> + <entry>2006-03-24</entry> + </dates> + </vuln> + <vuln vid="61534682-b8f4-11da-8e62-000e0c33c2dc"> <topic>xorg-server -- privilege escalation</topic> <affects> |