FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  360546
Date:      2014-07-04
Time:      06:38:23Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
479efd57-516e-11e3-9b62-000c292e4fd8samba -- Private key in key.pem world readable

The Samba project reports:

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.


Discovery 2013-06-12
Entry 2013-11-19
samba4
gt 4.0.* lt 4.0.11

samba41
gt 4.1.* lt 4.1.1

CVE-2013-4476
http://www.samba.org/samba/security/CVE-2013-4476
a4f08579-516c-11e3-9b62-000c292e4fd8samba -- ACLs are not checked on opening an alternate data stream on a file or directory

The Samba project reports:

Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying file or directory ACL when opening an alternate data stream.

According to the SMB1 and SMB2+ protocols the ACL on an underlying file or directory should control what access is allowed to alternate data streams that are associated with the file or directory.


Discovery 2013-06-12
Entry 2013-11-19
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.20

samba4
gt 4.0.* lt 4.0.11

samba41
gt 4.1.* lt 4.1.1

CVE-2013-4475
http://www.samba.org/samba/security/CVE-2013-4475
613e45d1-6154-11e3-9b62-000c292e4fd8samba -- multiple vulnerabilities

The Samba project reports:

These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).


Discovery 2012-06-12
Entry 2013-12-11
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.22

samba4
gt 4.0.* lt 4.0.13

samba41
gt 4.1.* lt 4.1.3

CVE-2012-6150
CVE-2013-4408
http://www.samba.org/samba/security/CVE-2012-6150
http://www.samba.org/samba/security/CVE-2013-4408