FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  520069
Date:      2019-12-13
Time:      20:34:37Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
40a8d798-4615-11e7-8080-a4badb2f4699heimdal -- bypass of capath policy

Viktor Dukhovni reports:

Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594)

Discovery 2017-04-13
Entry 2017-05-31
lt 7.1.0_3

446dbecb-9edc-11d8-9366-0020ed76ef5aheimdal kadmind remote heap buffer overflow

An input validation error was discovered in the kadmind code that handles the framing of Kerberos 4 compatibility administration requests. The code assumed that the length given in the framing was always two or more bytes. Smaller lengths will cause kadmind to read an arbitrary amount of data into a minimally-sized buffer on the heap.

A remote attacker may send a specially formatted message to kadmind, causing it to crash or possibly resulting in arbitrary code execution.

The kadmind daemon is part of Kerberos 5 support. However, this bug will only be present if kadmind was built with additional Kerberos 4 support. Thus, only systems that have *both* Heimdal Kerberos 5 and Kerberos 4 installed might be affected.

NOTE: On FreeBSD 4 systems, `kadmind' may be installed as `k5admind'.

Discovery 2004-05-05
Entry 2004-05-05
lt 0.6.1_1

ge 4.9 lt 4.9_7

ge 4.0 lt 4.8_20

b62c80c2-b81a-11da-bec5-00123ffe8333heimdal -- Multiple vulnerabilities

A Project heimdal Security Advisory reports:

The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.

The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution.

The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file.

Discovery 2006-02-06
Entry 2006-03-20
lt 0.6.6

bfb36941-84fa-11d8-a41f-0020ed76ef5aIncorrect cross-realm trust handling in Heimdal

Heimdal does not correctly validate the `transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path.

Discovery 2004-04-01
Entry 2004-04-02
Modified 2004-05-05
lt 0.6.1

ge 5.0 lt 5.2_6

ge 4.9 lt 4.9_6

ge 4.0 lt 4.8_19