FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351364
Date:      2014-04-15
Time:      20:21:44Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2e129846-8fbb-11d8-8b29-0020ed76ef5aMySQL insecure temporary file creation (mysqlbug)

Shaun Colley reports that the script `mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes `mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with the bug report template.


Discovery 2004-03-25
Entry 2004-04-16
Modified 2004-05-21
mysql-client
ge 4.0 lt 4.0.20

ge 4.1 lt 4.1.1_2

ge 5.0 lt 5.0.0_2

http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2
http://bugs.mysql.com/bug.php?id=3284
9976
CVE-2004-0381
835256b8-46ed-11d9-8ce0-00065be4b5b6mysql -- mysql_real_connect buffer overflow vulnerability

The mysql_real_connect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems.

Note that whether this issue can be exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following words:

In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for dns query (i know it sounds funny but read rfc1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from dns's response


Discovery 2004-06-04
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3

ge 4.* lt 4.0.21

mysql-client
le 3.23.58_3

ge 4.* lt 4.0.21

CVE-2004-0836
10981
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.osvdb.org/displayvuln.php?osvdb_id=10658
835256b8-46ed-11d9-8ce0-00065be4b5b6mysql -- mysql_real_connect buffer overflow vulnerability

The mysql_real_connect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems.

Note that whether this issue can be exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following words:

In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for dns query (i know it sounds funny but read rfc1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from dns's response


Discovery 2004-06-04
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3

ge 4.* lt 4.0.21

mysql-client
le 3.23.58_3

ge 4.* lt 4.0.21

CVE-2004-0836
10981
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.osvdb.org/displayvuln.php?osvdb_id=10658
2e129846-8fbb-11d8-8b29-0020ed76ef5aMySQL insecure temporary file creation (mysqlbug)

Shaun Colley reports that the script `mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes `mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with the bug report template.


Discovery 2004-03-25
Entry 2004-04-16
Modified 2004-05-21
mysql-client
ge 4.0 lt 4.0.20

ge 4.1 lt 4.1.1_2

ge 5.0 lt 5.0.0_2

http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2
http://bugs.mysql.com/bug.php?id=3284
9976
CVE-2004-0381