diff options
author | Tom Rhodes <trhodes@FreeBSD.org> | 2005-07-21 08:43:12 +0000 |
---|---|---|
committer | Tom Rhodes <trhodes@FreeBSD.org> | 2005-07-21 08:43:12 +0000 |
commit | 8eb060fe5c17bef80bade026d615aecd26302f9b (patch) | |
tree | 6f8b5501b3e114ff5c6169cb4aea8741c54806d8 /security | |
parent | 27e12cf5ece5c7dbeb7b37d7d4f9e91129dc226e (diff) | |
download | ports-8eb060fe5c17bef80bade026d615aecd26302f9b.tar.gz ports-8eb060fe5c17bef80bade026d615aecd26302f9b.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d76724f02bc1..c2bc5841d54d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,36 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="43a7b0a7-f9bc-11d9-b473-00061bc2ad93"> + <topic>PowerDNS -- LDAP backend fails to escape all queries</topic> + <affects> + <package> + <name>powerdns</name> + <range><lt>2.9.18</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The LDAP backend in PowerDNS has issues with escaping + queries which could cause connection errors. This would + make it possible for a malicious user to temporarily blank + domains.</p> + <blockquote cite="http://doc.powerdns.com/security-policy.html"> + <p>This is known to affect all releases prior to 2.9.18.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-2302</cvename> + <url>http://doc.powerdns.com/security-policy.html</url> + <url>http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2</url> + </references> + <dates> + <discovery>2005-07-16</discovery> + <entry>2005-07-21</entry> + </dates> + </vuln> + <vuln vid="3497d7be-2fef-45f4-8162-9063751b573a"> <topic>fetchmail -- remote root/code injection from malicious POP3 server</topic> <affects> |