FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

2e129846-8fbb-11d8-8b29-0020ed76ef5a  MySQL insecure temporary file creation (mysqlbug)

Shaun Colley reports that the script `mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes `mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with the bug report template.


Discovery 2004-03-25
Entry 2004-04-16
Modified 2004-05-21
mysql-client
ge 4.0 lt 4.0.20
ge 4.1 lt 4.1.1_2
ge 5.0 lt 5.0.0_2

http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2
http://bugs.mysql.com/bug.php?id=3284
9976
CVE-2004-0381

4775c807-8f30-11dd-821f-001cc0377035  mysql -- command line client input validation vulnerability

Thomas Henlich reports:

The mysql command-line client does not quote HTML special characters like < in its output. This allows an attacker who is able to write data into a table to hide or modify records in the output, and to inject potentially dangerous code, e.g. JavaScript to perform cross-site scripting or cross-site request forgery attacks.


Discovery 2007-04-17
Entry 2008-10-01
Modified 2008-10-10
mysql-client
gt 5.1 lt 5.1.28_1
gt 5.0 lt 5.0.67_1

31486
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability/

77420ebb-0cf4-11d9-8a8a-000c41e2cdad  mysql -- heap buffer overflow with prepared statements

There is a buffer overflow in the prepared statements API (libmysqlclient) when a statement containing thousands of placeholders is executed.


Discovery 2004-09-08
Entry 2004-09-23
mysql-server
mysql-client
ge 4.1.0 le 4.1.4

http://bugs.mysql.com/bug.php?id=5194
http://dev.mysql.com/doc/mysql/en/News-4.1.5.html
http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1932.152.4

835256b8-46ed-11d9-8ce0-00065be4b5b6  mysql -- mysql_real_connect buffer overflow vulnerability

The mysql_real_connect function does not properly handle DNS replies: it copies the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems.

Note that whether this issue is exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explains this with the following words:

In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for DNS query (I know it sounds funny but read RFC 1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from DNS's response.


Discovery 2004-06-04
Entry 2004-12-16
Modified 2005-03-15
mysql-server
le 3.23.58_3
ge 4.* lt 4.0.21

mysql-client
le 3.23.58_3
ge 4.* lt 4.0.21

CVE-2004-0836
10981
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.osvdb.org/displayvuln.php?osvdb_id=10658