FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4729c849-4897-11e6-b704-000c292e4fd8samba -- client side SMB2/3 required signing can be downgraded

Samba team reports:

A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters.


Discovery 2016-07-07
Entry 2016-07-13
samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 le 4.1.23

samba42
ge 4.2.0 lt 4.2.14

samba43
ge 4.3.0 lt 4.3.11

samba44
ge 4.4.0 lt 4.4.5

CVE-2016-2119
https://www.samba.org/samba/security/CVE-2016-2119.html
e4bc323f-cc73-11e6-b704-000c292e4fd8samba -- multiple vulnerabilities

Samba team reports:

[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes on DNS objects and trigger a controlled memory corruption.

[CVE-2016-2125] Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service.

[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.


Discovery 2016-12-19
Entry 2016-12-26
Modified 2016-12-26
samba36
ge 3.6.0 le 3.6.25_4

samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 le 4.1.23

samba42
ge 4.2.0 le 4.2.14

samba43
ge 4.3.0 lt 4.3.13

samba44
ge 4.4.0 lt 4.4.8

samba45
ge 4.5.0 lt 4.5.3

CVE-2016-2123
https://www.samba.org/samba/security/CVE-2016-2123.html
CVE-2016-2125
https://www.samba.org/samba/security/CVE-2016-2125.html
CVE-2016-2126
https://www.samba.org/samba/security/CVE-2016-2126.html
2826317b-10ec-11e7-944e-000c292e4fd8samba -- symlink race allows access outside share definition

Samba team reports:

A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks.


Discovery 2017-03-23
Entry 2017-03-24
samba36
ge 3.6.0 le 3.6.25_4

samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 le 4.1.23

samba42
ge 4.2.0 le 4.2.14

samba43
ge 4.3.0 le 4.3.13

samba44
ge 4.4.0 lt 4.4.12

samba45
ge 4.5.0 lt 4.5.7

samba46
ge 4.6.0 lt 4.6.1

https://www.samba.org/samba/security/CVE-2017-2619.html
CVE-2017-2619
6f4d96c0-4062-11e7-b291-b499baebfeafsamba -- remote code execution vulnerability

The samba project reports:

Remote code execution from a writable share.

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.


Discovery 2017-05-24
Entry 2017-05-24
samba42
lt 4.2.15

samba43
lt 4.3.14

samba44
lt 4.4.14

samba45
lt 4.5.10

samba46
lt 4.6.4

https://www.samba.org/samba/security/CVE-2017-7494.html
CVE-2017-7494
85851e4f-67d9-11e7-bc37-00505689d4aesamba -- Orpheus Lyre mutual authentication validation bypass

The samba project reports:

A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data.


Discovery 2017-07-12
Entry 2017-07-12
samba42
lt 4.2.15

samba43
lt 4.3.14

samba44
lt 4.4.15

samba45
lt 4.5.12

samba46
lt 4.6.6

https://www.samba.org/samba/security/CVE-2017-11103.html
CVE-2017-11103