FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363221
Date:      2014-07-28
Time:      18:38:13Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b3435b68-9ee8-11e1-997c-002354ed89bcsudo -- netmask vulnerability

Todd Miller reports:

Sudo supports granting access to commands on a per-host basis. The host specification may be in the form of a host name, a netgroup, an IP address, or an IP network (an IP address with an associated netmask).

When IPv6 support was added to sudo, a bug was introduced that caused the IPv6 network matching code to be called when an IPv4 network address does not match. Depending on the value of the uninitialized portion of the IPv6 address, it is possible for the IPv4 network number to match when it should not. This bug only affects IP network matching and does not affect simple IP address matching.

The reported configuration that exhibited the bug was an LDAP-based sudo installation where the sudoRole object contained multiple sudoHost entries, each containing a different IPv4 network. File-based sudoers should be affected as well as the same matching code is used.


Discovery 2012-05-16
Entry 2012-05-16
sudo
le 1.8.4_1

CVE-2012-2337
http://www.sudo.ws/sudo/alerts/netmask.html
b3435b68-9ee8-11e1-997c-002354ed89bcsudo -- netmask vulnerability

Todd Miller reports:

Sudo supports granting access to commands on a per-host basis. The host specification may be in the form of a host name, a netgroup, an IP address, or an IP network (an IP address with an associated netmask).

When IPv6 support was added to sudo, a bug was introduced that caused the IPv6 network matching code to be called when an IPv4 network address does not match. Depending on the value of the uninitialized portion of the IPv6 address, it is possible for the IPv4 network number to match when it should not. This bug only affects IP network matching and does not affect simple IP address matching.

The reported configuration that exhibited the bug was an LDAP-based sudo installation where the sudoRole object contained multiple sudoHost entries, each containing a different IPv4 network. File-based sudoers should be affected as well as the same matching code is used.


Discovery 2012-05-16
Entry 2012-05-16
sudo
le 1.8.4_1

CVE-2012-2337
http://www.sudo.ws/sudo/alerts/netmask.html
67b514c3-ba8f-11df-8f6e-000c29a67389sudo -- Flaw in Runas group matching

Todd Miller reports:

Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option (run as group). A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified (run as user). This flaw results in a positive match for the user specified via -u so long as the group specified via -g is allowed by the sudoers file.

Exploitation of the flaw requires that Sudo be configured with sudoers entries that contain a Runas group. Entries that do not contain a Runas group, or only contain a Runas user are not affected.


Discovery 2010-09-07
Entry 2010-09-07
sudo
ge 1.7.0 lt 1.7.4.4

CVE-2010-2956
http://www.sudo.ws/sudo/alerts/runas_group.html
908f4cf2-1e8b-11e0-a587-001b77d09812sudo -- local privilege escalation

Todd Miller reports:

Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo's -g option (run as group), if allowed by the sudoers file. A flaw exists in sudo's password checking logic that allows a user to run a command with only the group changed without being prompted for a password.


Discovery 2011-01-11
Entry 2011-01-13
sudo
ge 1.7.0 lt 1.7.4.5

CVE-2011-0010
http://www.sudo.ws/sudo/alerts/runas_group_pw.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
67b514c3-ba8f-11df-8f6e-000c29a67389sudo -- Flaw in Runas group matching

Todd Miller reports:

Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option (run as group). A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified (run as user). This flaw results in a positive match for the user specified via -u so long as the group specified via -g is allowed by the sudoers file.

Exploitation of the flaw requires that Sudo be configured with sudoers entries that contain a Runas group. Entries that do not contain a Runas group, or only contain a Runas user are not affected.


Discovery 2010-09-07
Entry 2010-09-07
sudo
ge 1.7.0 lt 1.7.4.4

CVE-2010-2956
http://www.sudo.ws/sudo/alerts/runas_group.html
908f4cf2-1e8b-11e0-a587-001b77d09812sudo -- local privilege escalation

Todd Miller reports:

Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo's -g option (run as group), if allowed by the sudoers file. A flaw exists in sudo's password checking logic that allows a user to run a command with only the group changed without being prompted for a password.


Discovery 2011-01-11
Entry 2011-01-13
sudo
ge 1.7.0 lt 1.7.4.5

CVE-2011-0010
http://www.sudo.ws/sudo/alerts/runas_group_pw.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641