FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8c1a271d-56cf-11e7-b9fe-c13eb7bcbf4fexim -- Privilege escalation via multiple memory leaks

Qualsys reports:

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.


Discovery 2017-06-19
Entry 2017-06-21
exim
< 4.89_1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
7d09b9ee-e0ba-11e5-abc4-6fb07af136d2exim -- local privillege escalation

The Exim development team reports:

All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be safe.


Discovery 2016-02-26
Entry 2016-03-02
exim
< 4.86.2

< 4.85.2

< 4.84.2

CVE-2016-1531
https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
e7002b26-caaa-11e6-a76a-9f7324e5534eexim -- DKIM private key leak

The Exim project reports:

Exim leaks the private DKIM signing key to the log files. Additionally, if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material is included in the bounce message.


Discovery 2016-12-15
Entry 2016-12-25
exim
gt 4.69 lt 4.87.1

https://exim.org/static/doc/CVE-2016-9963.txt
CVE-2016-9963
61db9b88-d091-11e9-8d41-97657151f8c2Exim -- RCE with root privileges in TLS SNI handler

Exim developers report:

If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected.

The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC. For more details see the document qualys.mbx


Discovery 2019-09-02
Entry 2019-09-06
exim
< 4.92.2

https://git.exim.org/exim.git/blob_plain/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt
316b3c3e-0e98-11e8-8d41-97657151f8c2exim -- a buffer overflow vulnerability, remote code execution

Exim developers report:

There is a buffer overflow in base64d(), if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.


Discovery 2018-02-05
Entry 2018-02-10
exim
< 4.90.1

https://exim.org/static/doc/security/CVE-2018-6789.txt
7d09b9ee-e0ba-11e5-abc4-6fb07af136d2exim -- local privillege escalation

The Exim development team reports:

All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be safe.


Discovery 2016-02-26
Entry 2016-03-02
exim
< 4.86.2

< 4.85.2

< 4.84.2

CVE-2016-1531
https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
7d09b9ee-e0ba-11e5-abc4-6fb07af136d2exim -- local privillege escalation

The Exim development team reports:

All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be safe.


Discovery 2016-02-26
Entry 2016-03-02
exim
< 4.86.2

< 4.85.2

< 4.84.2

CVE-2016-1531
https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html