FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368515
Date:      2014-09-18
Time:      19:53:09Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
be4ccb7b-c48b-11da-ae12-0002b3b60e4copenvpn -- LD_PRELOAD code execution on client through malicious or compromised server

Hendrik Weimer reports:

OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old LD_PRELOAD trick. All we need is to put a file onto the client under a known location (e.g. by returning a specially crafted document upon web access) and we have a remote root exploit. But since the attack may only come from authenticated servers, this threat is greatly reduced.


Discovery 2006-04-03
Entry 2006-04-05
Modified 2006-04-06
openvpn
ge 2.0 lt 2.0.6

CVE-2006-1629
http://www.osreviews.net/reviews/security/openvpn-print
http://openvpn.net/changelog.html
http://sourceforge.net/mailarchive/message.php?msg_id=15298074
3de49331-0dec-422c-93e5-e4719e9869c5openvpn -- potential denial-of-service on servers in TCP mode

James Yonan reports:

If the TCP server accept() call returns an error status, the resulting exception handler may attempt to indirect through a NULL pointer, causing a segfault. Affects all OpenVPN 2.0 versions.


Discovery 2005-11-01
Entry 2005-11-01
Modified 2005-11-04
openvpn
ge 2.0 lt 2.0.4

CVE-2005-3409
http://openvpn.net/changelog.html
6129fdc7-6462-456d-a3ef-8fc3fbf44d16openvpn -- arbitrary code execution on client through malicious or compromised server

James Yonan reports:

A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client's TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79).


Discovery 2005-10-31
Entry 2005-11-01
Modified 2005-11-04
openvpn
ge 2.0 lt 2.0.4

CVE-2005-3393
http://www.securityfocus.com/archive/1/415293/30/0/threaded
http://openvpn.net/changelog.html
be4ccb7b-c48b-11da-ae12-0002b3b60e4copenvpn -- LD_PRELOAD code execution on client through malicious or compromised server

Hendrik Weimer reports:

OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old LD_PRELOAD trick. All we need is to put a file onto the client under a known location (e.g. by returning a specially crafted document upon web access) and we have a remote root exploit. But since the attack may only come from authenticated servers, this threat is greatly reduced.


Discovery 2006-04-03
Entry 2006-04-05
Modified 2006-04-06
openvpn
ge 2.0 lt 2.0.6

CVE-2006-1629
http://www.osreviews.net/reviews/security/openvpn-print
http://openvpn.net/changelog.html
http://sourceforge.net/mailarchive/message.php?msg_id=15298074
6129fdc7-6462-456d-a3ef-8fc3fbf44d16openvpn -- arbitrary code execution on client through malicious or compromised server

James Yonan reports:

A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client's TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79).


Discovery 2005-10-31
Entry 2005-11-01
Modified 2005-11-04
openvpn
ge 2.0 lt 2.0.4

CVE-2005-3393
http://www.securityfocus.com/archive/1/415293/30/0/threaded
http://openvpn.net/changelog.html
3de49331-0dec-422c-93e5-e4719e9869c5openvpn -- potential denial-of-service on servers in TCP mode

James Yonan reports:

If the TCP server accept() call returns an error status, the resulting exception handler may attempt to indirect through a NULL pointer, causing a segfault. Affects all OpenVPN 2.0 versions.


Discovery 2005-11-01
Entry 2005-11-01
Modified 2005-11-04
openvpn
ge 2.0 lt 2.0.4

CVE-2005-3409
http://openvpn.net/changelog.html