diff options
| author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-10-18 17:42:13 +0000 |
|---|---|---|
| committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-10-18 17:42:13 +0000 |
| commit | e9dcf64a7673922a0e3ad1088441541dc1d596f7 (patch) | |
| tree | 1bfff95fd0c0dc243185810cefd77bdf40a6a072 /security | |
| parent | dc23a43b02be907c2beebaffd73642cf98b0b8e0 (diff) | |
| download | ports-e9dcf64a7673922a0e3ad1088441541dc1d596f7.tar.gz ports-e9dcf64a7673922a0e3ad1088441541dc1d596f7.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 52 |
1 files changed, 50 insertions, 2 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a024b1829850..60cf46a4a5fd 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,11 +34,58 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="97d45e95-3ffc-11da-a263-0001020eed82"> + <topic>snort -- Back Orifice preprocessor buffer overflow + vulnerability</topic> + <affects> + <package> + <name>snort</name> + <range><ge>2.4.0</ge><lt>2.4.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jennifer Steffens reports:</p> + <blockquote cite="http://www.snort.org/pub-bin/snortnews.cgi#99"> + <p>The Back Orifice preprocessor contains a stack-based + buffer overflow. This vulnerability could be leveraged by + an attacker to execute code remotely on a Snort sensor + where the Back Orifice preprocessor is enabled. However, + there are a number of factors that make remote code + execution difficult to achieve across different builds of + Snort on different platforms, even on the same platform + with different compiler versions, and it is more likely + that an attacker could use the vulnerability as a denial + of service attack.</p> + <p>The Back Orifice preprocessor can be disabled by + commenting out the line "preprocessor bo" in + snort.conf. This can be done in any text editor using the + following procedure:</p> + <ol> + <li>Locate the line "preprocessor bo"</li> + <li>Comment out this line by preceding it with a hash + (#). The new line will look like "#preprocessor bo"</li> + <li>Save the file</li> + <li>Restart snort</li> + </ol> + </blockquote> + </body> + </description> + <references> + <url>http://www.snort.org/pub-bin/snortnews.cgi#99</url> + <certvu>175500</certvu> + </references> + <dates> + <discovery>2005-10-18</discovery> + <entry>2005-10-18</entry> + </dates> + </vuln> + <vuln vid="60f8fe7b-3cfb-11da-baa2-0004614cc33d"> - <topic>WebCalendar -- multiple reports of websites getting defeced</topic> + <topic>webcalendar -- multiple reports of websites getting defaced</topic> <affects> <package> - <name>webcalendar</name> + <name>WebCalendar</name> <range><lt>1.0.1</lt></range> </package> </affects> @@ -54,6 +101,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2005-08-26</discovery> <entry>2005-10-15</entry> + <modified>2005-10-18</modified> </dates> </vuln> |