This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
nothing found there
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|2328adef-157c-11d9-8402-000d93664d5c||racoon -- improper certificate handling|
Thomas Walpuski noted when OpenSSL would detect an error condition for a peer certificate, racoon mistakenly ignored the error. This could allow five invalid certificate states to properly be used for authentication.
|40fcf20f-8891-11d8-90d1-0020ed76ef5a||racoon remote denial of service vulnerability (IKE Generic Payload Header)|
When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections.
|d8769838-8814-11d8-90d1-0020ed76ef5a||racoon fails to verify signature during Phase 1|
Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade.
Installations using pre-shared keys are believed to be unaffected.
|ccd698df-8e20-11d8-90d1-0020ed76ef5a||racoon remote denial of service vulnerability (ISAKMP header length field)|
When racoon receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with a ridiculously large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service.
|3b260179-e464-460d-bf9f-d5cda6204020||racoon -- remote denial-of-service|
Sebastian Krahmer discovered that the racoon ISAKMP daemon could be crashed with a maliciously crafted UDP packet. No authentication is required in order to perform the attack.
|f8551668-de09-4d7b-9720-f1360929df07||tcpdump ISAKMP payload handling remote denial-of-service|
Chad Loder has discovered vulnerabilities in tcpdump's ISAKMP protocol handler. During an audit to repair these issues, Bill Fenner discovered some related problems.
These vulnerabilities may be used by an attacker to crash a running `tcpdump' process. They can only be triggered if the `-v' command line option is being used.
NOTE: the racoon ISAKMP/IKE daemon incorporates the ISAKMP protocol handler from tcpdump, and so is also affected by this issue.
|739bb51d-7e82-11d8-9645-0020ed76ef5a||racoon security association deletion vulnerability|
A remote attacker may use specially crafted IKE/ISAKMP messages to cause racoon to delete security associations. This could result in denial-of-service or possibly cause sensitive traffic to be transmitted in plaintext, depending upon configuration.