FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368143
Date:      2014-09-13
Time:      21:18:56Z
Committer: matthew

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7884d56f-f7a1-11d8-9837-000c41e2cdadgnomevfs -- unsafe URI handling

Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of `extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially-crafted URI, arbitrary commands can be executed with the privileges of the victim.


Discovery 2004-08-04
Entry 2004-08-26
gnomevfs2
lt 2.6.2_1

gnomevfs
lt 1.0.5_6

mc
le 4.6.0_12

CVE-2004-0494
10864
http://www.ciac.org/ciac/bulletins/o-194.shtml
http://xforce.iss.net/xforce/xfdb/16897
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127263
0c6f3fde-9c51-11d8-9366-0020ed76ef5aMidnight Commander buffer overflows, format string bugs, and insecure temporary file handling

Jakub Jelinek reports several security related bugs in Midnight Commander, including:

  • Multiple buffer overflows (CVE-2004-0226)
  • Insecure temporary file handling (CVE-2004-0231)
  • Format string bug (CVE-2004-0232)

Discovery 2004-04-29
Entry 2004-05-02
Modified 2004-06-14
mc
lt 4.6.0_10

CVE-2004-0226
CVE-2004-0231
CVE-2004-0232
322d4ff6-85c3-11d8-a41f-0020ed76ef5aMidnight Commander buffer overflow during symlink resolution

Midnight Commander uses a fixed sized stack buffer while resolving symbolic links within file archives (tar or cpio). If an attacker can cause a user to process a specially crafted file archive with Midnight Commander, the attacker may be able to obtain the privileges of the target user.


Discovery 2003-09-19
Entry 2004-04-03
Modified 2004-04-13
mc
lt 4.6.0_9

CVE-2003-1023
http://marc.theaimsgroup.com/?l=bugtraq&m=106399528518704
8658
7884d56f-f7a1-11d8-9837-000c41e2cdadgnomevfs -- unsafe URI handling

Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of `extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially-crafted URI, arbitrary commands can be executed with the privileges of the victim.


Discovery 2004-08-04
Entry 2004-08-26
gnomevfs2
lt 2.6.2_1

gnomevfs
lt 1.0.5_6

mc
le 4.6.0_12

CVE-2004-0494
10864
http://www.ciac.org/ciac/bulletins/o-194.shtml
http://xforce.iss.net/xforce/xfdb/16897
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127263
322d4ff6-85c3-11d8-a41f-0020ed76ef5aMidnight Commander buffer overflow during symlink resolution

Midnight Commander uses a fixed sized stack buffer while resolving symbolic links within file archives (tar or cpio). If an attacker can cause a user to process a specially crafted file archive with Midnight Commander, the attacker may be able to obtain the privileges of the target user.


Discovery 2003-09-19
Entry 2004-04-03
Modified 2004-04-13
mc
lt 4.6.0_9

CVE-2003-1023
http://marc.theaimsgroup.com/?l=bugtraq&m=106399528518704
8658
0c6f3fde-9c51-11d8-9366-0020ed76ef5aMidnight Commander buffer overflows, format string bugs, and insecure temporary file handling

Jakub Jelinek reports several security related bugs in Midnight Commander, including:

  • Multiple buffer overflows (CVE-2004-0226)
  • Insecure temporary file handling (CVE-2004-0231)
  • Format string bug (CVE-2004-0232)

Discovery 2004-04-29
Entry 2004-05-02
Modified 2004-06-14
mc
lt 4.6.0_10

CVE-2004-0226
CVE-2004-0231
CVE-2004-0232