FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  402743
Date:      2015-12-01
Time:      14:28:46Z
Committer: ume

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c0c31b27-bff3-11e3-9d09-000c2980a9f3openafs -- Denial of Service

The OpenAFS development team reports:

An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server.

The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information.

Clients are not affected.

Discovery 2014-04-09
Entry 2014-04-09
ge 1.4.8 lt 1.6.7

0bf376b7-cc6b-11e2-a424-14dae938ec40net/openafs -- buffer overflow

Nickolai Zeldovich reports:

An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server.

Discovery 2013-02-27
Entry 2013-06-03
lt 1.6.2.*
c4d412c8-f4d1-11e2-b86c-000c295229d5openafs -- single-DES cell-wide key brute force vulnerability

OpenAFS Project reports:

The small size of the DES key space permits an attacker to brute force a cell's service key and then forge traffic from any user within the cell. The key space search can be performed in under 1 day at a cost of around $100 using publicly available services.

Discovery 2013-07-24
Entry 2013-07-25
lt 1.6.5