FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  377958
Date:      2015-01-26
Time:      21:20:43Z
Committer: tijl

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1959e847-d4f0-11e3-84b0-0018fe623f2b	OpenSSL -- NULL pointer dereference / DoS OpenBSD and David Ramos reports: Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service. Discovery 2014-05-02 Entry 2014-05-03 openssl ge 1.0.1 lt 1.0.1_12 http://www.openwall.com/lists/oss-security/2014/05/02/5 https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 CVE-2014-0198
5ac53801-ec2e-11e3-9cf3-3c970e169bc2	OpenSSL -- multiple vulnerabilities The OpenSSL Project reports: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. [CVE-2014-0224] By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. [CVE-2014-0221] A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. [CVE-2014-0195] OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. [CVE-2014-3470] Discovery 2014-06-05 Entry 2014-06-05 openssl ge 1.0.1 lt 1.0.1_13 mingw32-openssl ge 1.0.1 lt 1.0.1h CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc http://www.openssl.org/news/secadv_20140605.txt
8aff07eb-1dbd-11e4-b6ba-3c970e169bc2	OpenSSL -- multiple vulnerabilities The OpenSSL Project reports: A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508] The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139] If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509] An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. [CVE-2014-3505] An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. [CVE-2014-3506] By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. [CVE-2014-3507] OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. [CVE-2014-3510] A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. [CVE-2014-3511] A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. [CVE-2014-3512] Discovery 2014-08-06 Entry 2014-08-06 openssl ge 1.0.1 lt 1.0.1_14 mingw32-openssl ge 1.0.1 lt 1.0.1i https://www.openssl.org/news/secadv_20140806.txt CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139

VuXML ID

Description

1959e847-d4f0-11e3-84b0-0018fe623f2b

OpenSSL -- NULL pointer dereference / DoS

OpenBSD and David Ramos reports:

Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service.

Discovery 2014-05-02
Entry 2014-05-03
openssl

ge 1.0.1 lt 1.0.1_12

http://www.openwall.com/lists/oss-security/2014/05/02/5
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
CVE-2014-0198

5ac53801-ec2e-11e3-9cf3-3c970e169bc2

OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. [CVE-2014-0224]

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. [CVE-2014-0221]

A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. [CVE-2014-0195]

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. [CVE-2014-3470]

Discovery 2014-06-05
Entry 2014-06-05
openssl

ge 1.0.1 lt 1.0.1_13

mingw32-openssl

ge 1.0.1 lt 1.0.1h

CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:14.openssl.asc
http://www.openssl.org/news/secadv_20140605.txt

8aff07eb-1dbd-11e4-b6ba-3c970e169bc2

OpenSSL -- multiple vulnerabilities

The OpenSSL Project reports:

A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]

The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]

If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]

An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. [CVE-2014-3505]

An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. [CVE-2014-3506]

By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. [CVE-2014-3507]

OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. [CVE-2014-3510]

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. [CVE-2014-3511]

A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. [CVE-2014-3512]

Discovery 2014-08-06
Entry 2014-08-06
openssl

ge 1.0.1 lt 1.0.1_14

mingw32-openssl

ge 1.0.1 lt 1.0.1i

https://www.openssl.org/news/secadv_20140806.txt
CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508
CVE-2014-3509
CVE-2014-3510
CVE-2014-3511
CVE-2014-3512
CVE-2014-5139