FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351364
Date:      2014-04-15
Time:      20:21:44Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a59afa47-c930-11dc-810c-0016179b2dd5claws-mail -- insecure temporary file creation

Nico Golde reports:

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.


Discovery 2007-12-03
Entry 2008-01-22
Modified 2008-02-12
claws-mail
lt 3.1.0

26676
CVE-2007-6208
http://www.gentoo.org/security/en/glsa/glsa-200801-03.xml
http://security.gentoo.org/glsa/glsa-200801-03.xml
http://secunia.com/advisories/27897
d9867f50-54d0-11dc-b80b-0016179b2dd5claws-mail -- POP3 Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.


Discovery 2007-08-24
Entry 2007-08-27
Modified 2010-05-12
claws-mail
sylpheed-claws
lt 2.10.0_3

sylpheed2
lt 2.4.4_1

CVE-2007-2958
http://secunia.com/advisories/26550/
http://secunia.com/secunia_research/2007-70/advisory/
a59afa47-c930-11dc-810c-0016179b2dd5claws-mail -- insecure temporary file creation

Nico Golde reports:

A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail.


Discovery 2007-12-03
Entry 2008-01-22
Modified 2008-02-12
claws-mail
lt 3.1.0

26676
CVE-2007-6208
http://www.gentoo.org/security/en/glsa/glsa-200801-03.xml
http://security.gentoo.org/glsa/glsa-200801-03.xml
http://secunia.com/advisories/27897
d9867f50-54d0-11dc-b80b-0016179b2dd5claws-mail -- POP3 Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.


Discovery 2007-08-24
Entry 2007-08-27
Modified 2010-05-12
claws-mail
sylpheed-claws
lt 2.10.0_3

sylpheed2
lt 2.4.4_1

CVE-2007-2958
http://secunia.com/advisories/26550/
http://secunia.com/secunia_research/2007-70/advisory/
c389d06d-ee57-11db-bd51-0016179b2dd5claws-mail -- APOP vulnerability

CVE reports:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.


Discovery 2007-04-02
Entry 2007-04-19
claws-mail
lt 2.9.0

CVE-2007-1558
http://www.claws-mail.org/news.php
c389d06d-ee57-11db-bd51-0016179b2dd5claws-mail -- APOP vulnerability

CVE reports:

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.


Discovery 2007-04-02
Entry 2007-04-19
claws-mail
lt 2.9.0

CVE-2007-1558
http://www.claws-mail.org/news.php