FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318877
Date:      2013-05-23
Time:      15:30:07Z
Committer: flo

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2689f4cb-ec4c-11d8-9440-000347a4fa7drsync -- path sanitizing vulnerability

An rsync security advisory reports:

There is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled.

The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for that module.


Discovery 2004-08-12
Entry 2004-08-26
rsync
lt 2.6.2_2

CVE-2004-0792
http://samba.org/rsync/#security_aug04
http://lists.samba.org/archive/rsync-announce/2004/000017.html
http://secunia.com/advisories/12294
http://www.osvdb.org/8829
73ea0706-9c57-11d8-9366-0020ed76ef5arsync path traversal issue

When running rsync in daemon mode, no checks were made to prevent clients from writing outside of a module's `path' setting.


Discovery 2004-04-26
Entry 2004-05-02
rsync
lt 2.6.1

CVE-2004-0426
http://rsync.samba.org/#security_apr04
2689f4cb-ec4c-11d8-9440-000347a4fa7drsync -- path sanitizing vulnerability

An rsync security advisory reports:

There is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled.

The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for that module.


Discovery 2004-08-12
Entry 2004-08-26
rsync
lt 2.6.2_2

CVE-2004-0792
http://samba.org/rsync/#security_aug04
http://lists.samba.org/archive/rsync-announce/2004/000017.html
http://secunia.com/advisories/12294
http://www.osvdb.org/8829
af8e3a0c-5009-11dc-8a43-003048705d5arsync -- off by one stack overflow

BugTraq reports:

The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility.


Discovery 2007-08-15
Entry 2007-08-21
Modified 2007-08-23
rsync
lt 2.6.9_1

25336
CVE-2007-4091
73ea0706-9c57-11d8-9366-0020ed76ef5arsync path traversal issue

When running rsync in daemon mode, no checks were made to prevent clients from writing outside of a module's `path' setting.


Discovery 2004-04-26
Entry 2004-05-02
rsync
lt 2.6.1

CVE-2004-0426
http://rsync.samba.org/#security_apr04
af8e3a0c-5009-11dc-8a43-003048705d5arsync -- off by one stack overflow

BugTraq reports:

The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility.


Discovery 2007-08-15
Entry 2007-08-21
Modified 2007-08-23
rsync
lt 2.6.9_1

25336
CVE-2007-4091