FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8091fcea-f35e-11d8-81b0-000347a4fa7da2ps -- insecure command line argument handling

Rudolf Polzer reports:

a2ps builds a command line for file() containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps *.txt" in /tmp - is therefore dangerous.


Discovery 2004-08-18
Entry 2004-10-20
Modified 2004-12-30
a2ps-a4
lt 4.13b_2

a2ps-letter
lt 4.13b_2

a2ps-letterdj
lt 4.13b_2

CVE-2004-1170
ports/70618
11025
http://www.osvdb.org/9176
http://marc.theaimsgroup.com/?l=full-disclosure&m=109334851517137
9168253c-5a6d-11d9-a9e7-0001020eed82a2ps -- insecure temporary file creation

A Secunia Security Advisory reports that Javier Fernández-Sanguino Peña has found temporary file creation vulnerabilities in the fixps and psmandup scripts which are part of a2ps. These vulnerabilities could lead to an attacker overwriting arbitrary files with the credentials of the user running the vulnerable scripts.


Discovery 2004-12-27
Entry 2004-12-30
Modified 2005-01-19
a2ps-a4
a2ps-letter
a2ps-letterdj
lt 4.13b_3

CVE-2004-1377
12108
12109
http://secunia.com/advisories/13641/
8091fcea-f35e-11d8-81b0-000347a4fa7da2ps -- insecure command line argument handling

Rudolf Polzer reports:

a2ps builds a command line for file() containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps *.txt" in /tmp - is therefore dangerous.


Discovery 2004-08-18
Entry 2004-10-20
Modified 2004-12-30
a2ps-a4
lt 4.13b_2

a2ps-letter
lt 4.13b_2

a2ps-letterdj
lt 4.13b_2

CVE-2004-1170
ports/70618
11025
http://www.osvdb.org/9176
http://marc.theaimsgroup.com/?l=full-disclosure&m=109334851517137
9168253c-5a6d-11d9-a9e7-0001020eed82a2ps -- insecure temporary file creation

A Secunia Security Advisory reports that Javier Fernández-Sanguino Peña has found temporary file creation vulnerabilities in the fixps and psmandup scripts which are part of a2ps. These vulnerabilities could lead to an attacker overwriting arbitrary files with the credentials of the user running the vulnerable scripts.


Discovery 2004-12-27
Entry 2004-12-30
Modified 2005-01-19
a2ps-a4
a2ps-letter
a2ps-letterdj
lt 4.13b_3

CVE-2004-1377
12108
12109
http://secunia.com/advisories/13641/