FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  365353
Date:      2014-08-18
Time:      21:11:32Z
Committer: flo

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
cacaffbc-5e64-11d8-80e3-0020ed76ef5aGNU libtool insecure temporary file handling

libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions.

This has been reported as a ``symlink vulnerability'', although I do not think that is an accurate description.

This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file.


Discovery 2004-01-30
Entry 2004-02-13
libtool
ge 1.3 lt 1.3.5_2

ge 1.4 lt 1.4.3_3

ge 1.5 lt 1.5.2

http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
http://www.securityfocus.com/archive/1/352333
77c14729-dc5e-11de-92ae-02e0184b8d35libtool -- Library Search Path Privilege Escalation Issue

Secunia.com

Do not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation.


Discovery 2009-11-25
Entry 2009-11-28
Modified 2010-05-02
libtool
lt 2.2.6b

CVE-2009-3736
http://secunia.com/advisories/37414/
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
77c14729-dc5e-11de-92ae-02e0184b8d35libtool -- Library Search Path Privilege Escalation Issue

Secunia.com

Do not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation.


Discovery 2009-11-25
Entry 2009-11-28
Modified 2010-05-02
libtool
lt 2.2.6b

CVE-2009-3736
http://secunia.com/advisories/37414/
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
cacaffbc-5e64-11d8-80e3-0020ed76ef5aGNU libtool insecure temporary file handling

libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions.

This has been reported as a ``symlink vulnerability'', although I do not think that is an accurate description.

This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file.


Discovery 2004-01-30
Entry 2004-02-13
libtool
ge 1.3 lt 1.3.5_2

ge 1.4 lt 1.4.3_3

ge 1.5 lt 1.5.2

http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
http://www.securityfocus.com/archive/1/352333