FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
82cfd919-8213-11e2-9273-902b343deec9	sudo -- Potential bypass of tty_tickets constraints Todd Miller reports: A (potentially malicious) program run by a user with sudo access may be able to bypass the "tty_ticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last time stamp timeout (5 minutes by default). Discovery 2013-02-27 Entry 2013-03-01 sudo lt 1.8.6.p7 CVE-2013-1776 http://www.sudo.ws/sudo/alerts/tty_tickets.html
764344fb-8214-11e2-9273-902b343deec9	sudo -- Authentication bypass when clock is reset Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a greater chance that the logged in user has run sudo before and thus that an attack would succeed. Discovery 2013-02-27 Entry 2013-03-01 sudo lt 1.8.6.p7 CVE-2013-1775 http://www.sudo.ws/sudo/alerts/epoch_ticket.html

VuXML ID

Description

82cfd919-8213-11e2-9273-902b343deec9

sudo -- Potential bypass of tty_tickets constraints

Todd Miller reports:

A (potentially malicious) program run by a user with sudo access may be able to bypass the "tty_ticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last time stamp timeout (5 minutes by default).

Discovery 2013-02-27
Entry 2013-03-01
sudo

lt 1.8.6.p7

CVE-2013-1776
http://www.sudo.ws/sudo/alerts/tty_tickets.html

764344fb-8214-11e2-9273-902b343deec9

sudo -- Authentication bypass when clock is reset

Todd Miller reports:

The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a greater chance that the logged in user has run sudo before and thus that an attack would succeed.

Discovery 2013-02-27
Entry 2013-03-01
sudo

lt 1.8.6.p7

CVE-2013-1775
http://www.sudo.ws/sudo/alerts/epoch_ticket.html