FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368339
Date:      2014-09-16
Time:      17:35:34Z
Committer: osa

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                                Description
14ab174c-40ef-11de-9fd5-001bd3385381    cyrus-sasl -- buffer overflow vulnerability

US-CERT reports:

The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.


Discovery 2009-04-08
Entry 2009-05-15
cyrus-sasl
lt 2.1.23

CVE-2009-0688
http://www.kb.cert.org/vuls/id/238019
92268205-1947-11d9-bc4a-000c41e2cdad    cyrus-sasl -- dynamic library loading and set-user-ID applications

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environment variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) utilizes libsasl, it may be possible for a local attacker to gain superuser privileges.


Discovery 2004-09-22
Entry 2004-10-08
cyrus-sasl
le 1.5.28_3

ge 2.* le 2.1.19

CVE-2004-0884
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104