FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
Revision: 321198
Date: 2013-06-18
Time: 15:50:05Z
Committer: delphij
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
| 96df5fd0-8900-11d9-aa18-0001020eed82 | curl -- authentication buffer overflow vulnerability
Two iDEFENSE Security Advisories report:
An exploitable stack-based buffer overflow condition
exists when using NT Lan Manager (NTLM)
authentication. The problem specifically exists within
Curl_input_ntlm() defined in
lib/http_ntlm.c.
Successful exploitation allows remote attackers to
execute arbitrary code under the privileges of the target
user. Exploitation requires that an attacker either coerce
or force a target to connect to a malicious server using
NTLM authentication.
An exploitable stack-based buffer overflow condition
exists when using Kerberos authentication. The problem
specifically exists within the functions
Curl_krb_kauth() and krb4_auth()
defined in lib/krb4.c.
Successful exploitation allows remote attackers to
execute arbitrary code under the privileges of the target
user. Exploitation requires that an attacker either coerce
or force a target to connect to a malicious server using
Kerberos authentication.
Discovery: 2004-12-21, Entry: 2005-02-27
Affected: curl lt 7.13.1
12615
12616
CVE-2005-0490
http://marc.theaimsgroup.com/?l=bugtraq&m=110902850731457
http://marc.theaimsgroup.com/?l=bugtraq&m=110902601221592
|
| 5d433534-f41c-402e-ade5-e0a2259a7cb6 | curl -- cURL/libcURL Location: Redirect URLs Security Bypass
Secunia reports:
The security issue is caused due to cURL following HTTP Location:
redirects to e.g. scp:// or file:// URLs which can be exploited
by a malicious HTTP server to overwrite or disclose the content of
arbitrary local files and potentially execute arbitrary commands via
specially crafted redirect URLs.
Discovery: 2009-03-03, Entry: 2009-03-04
Affected: curl ge 5.11 lt 7.19.4
CVE-2009-0037
http://secunia.com/advisories/34138/
|