FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369686
Date:      2014-10-01
Time:      03:40:03Z
Committer: bdrewery

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6ad309d9-fb03-11e3-bebd-000c2980a9f3samba -- multiple vulnerabilities

The samba project reports:

A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service.

Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request.


Discovery 2014-06-23
Entry 2014-06-23
samba36
lt 3.6.24

samba4
lt 4.0.19

samba41
lt 4.1.9

CVE-2014-0244
CVE-2014-3493
https://www.samba.org/samba/security/CVE-2014-0244
https://www.samba.org/samba/security/CVE-2014-3493
03e48bf5-a96d-11e3-a556-3c970e169bc2samba -- multiple vulnerabilities

Samba project reports:

In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly.

This is available without any other authentication.

smbcacls can remove a file or directory ACL by mistake.


Discovery 2014-03-11
Entry 2014-03-11
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.23

samba4
gt 4.0.* lt 4.0.16

samba41
gt 4.1.* lt 4.1.6

CVE-2013-4496
CVE-2013-6442
http://www.samba.org/samba/security/CVE-2013-4496
http://www.samba.org/samba/security/CVE-2013-6442
613e45d1-6154-11e3-9b62-000c292e4fd8samba -- multiple vulnerabilities

The Samba project reports:

These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).


Discovery 2012-06-12
Entry 2013-12-11
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.22

samba4
gt 4.0.* lt 4.0.13

samba41
gt 4.1.* lt 4.1.3

CVE-2012-6150
CVE-2013-4408
http://www.samba.org/samba/security/CVE-2012-6150
http://www.samba.org/samba/security/CVE-2013-4408