FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351364
Date:      2014-04-15
Time:      20:21:44Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
96df5fd0-8900-11d9-aa18-0001020eed82curl -- authentication buffer overflow vulnerability

Two iDEFENSE Security Advisories reports:

An exploitable stack-based buffer overflow condition exists when using NT Lan Manager (NTLM) authentication. The problem specifically exists within Curl_input_ntlm() defined in lib/http_ntlm.c.

Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using NTLM authentication.

An exploitable stack-based buffer overflow condition exists when using Kerberos authentication. The problem specifically exists within the functions Curl_krb_kauth() and krb4_auth() defined in lib/krb4.c.

Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using Kerberos authentication.


Discovery 2004-12-21
Entry 2005-02-27
curl
lt 7.13.1

12615
12616
CVE-2005-0490
http://marc.theaimsgroup.com/?l=bugtraq&m=110902850731457
http://marc.theaimsgroup.com/?l=bugtraq&m=110902601221592
96df5fd0-8900-11d9-aa18-0001020eed82curl -- authentication buffer overflow vulnerability

Two iDEFENSE Security Advisories reports:

An exploitable stack-based buffer overflow condition exists when using NT Lan Manager (NTLM) authentication. The problem specifically exists within Curl_input_ntlm() defined in lib/http_ntlm.c.

Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using NTLM authentication.

An exploitable stack-based buffer overflow condition exists when using Kerberos authentication. The problem specifically exists within the functions Curl_krb_kauth() and krb4_auth() defined in lib/krb4.c.

Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the target user. Exploitation requires that an attacker either coerce or force a target to connect to a malicious server using Kerberos authentication.


Discovery 2004-12-21
Entry 2005-02-27
curl
lt 7.13.1

12615
12616
CVE-2005-0490
http://marc.theaimsgroup.com/?l=bugtraq&m=110902850731457
http://marc.theaimsgroup.com/?l=bugtraq&m=110902601221592
01cf67b3-dc3b-11e2-a6cd-c48508086173cURL library -- heap corruption in curl_easy_unescape

cURL developers report:

libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption.

The function curl_easy_unescape() decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller.

The function takes a source string and a length parameter, and if the length provided is 0 the function will instead use strlen() to figure out how much data to parse.

The "%HH" parser wrongly only considered the case where a zero byte would terminate the input. If a length-limited buffer was passed in which ended with a '%' character which was followed by two hexadecimal digits outside of the buffer libcurl was allowed to parse alas without a terminating zero, libcurl would still parse that sequence as well. The counter for remaining data to handle would then be decreased too much and wrap to become a very large integer and the copying would go on too long and the destination buffer that is allocated on the heap would get overwritten.

We consider it unlikely that programs allow user-provided strings unfiltered into this function. Also, only the not zero-terminated input string use case is affected by this flaw. Exploiting this flaw for gain is probably possible for specific circumstances but we consider the general risk for this to be low.

The curl command line tool is not affected by this problem as it doesn't use this function.

There are no known exploits available at this time.


Discovery 2013-06-22
Entry 2013-06-23
Modified 2013-07-01
curl
ge 7.7 lt 7.24.0_4

CVE-2013-2174
http://curl.haxx.se/docs/adv_20130622.html
5d433534-f41c-402e-ade5-e0a2259a7cb6curl -- cURL/libcURL Location: Redirect URLs Security Bypass

Secunia reports:

The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.


Discovery 2009-03-03
Entry 2009-03-04
curl
ge 5.11 lt 7.19.4

CVE-2009-0037
http://secunia.com/advisories/34138/
5d433534-f41c-402e-ade5-e0a2259a7cb6curl -- cURL/libcURL Location: Redirect URLs Security Bypass

Secunia reports:

The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.


Discovery 2009-03-03
Entry 2009-03-04
curl
ge 5.11 lt 7.19.4

CVE-2009-0037
http://secunia.com/advisories/34138/