FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-17 18:01:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
92268205-1947-11d9-bc4a-000c41e2cdad	cyrus-sasl -- dynamic library loading and set-user-ID applications The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) utilizes libsasl, it may be possible for a local attacker to gain superuser privileges. Discovery 2004-09-22 Entry 2004-10-08 cyrus-sasl <= 1.5.28_3 >= 2.* le 2.1.19 CVE-2004-0884 https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104
14ab174c-40ef-11de-9fd5-001bd3385381	cyrus-sasl -- buffer overflow vulnerability US-CERT reports: The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function. Discovery 2009-04-08 Entry 2009-05-15 cyrus-sasl < 2.1.23 CVE-2009-0688 http://www.kb.cert.org/vuls/id/238019

VuXML ID

Description

92268205-1947-11d9-bc4a-000c41e2cdad

cyrus-sasl -- dynamic library loading and set-user-ID applications

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) utilizes libsasl, it may be possible for a local attacker to gain superuser privileges.

Discovery 2004-09-22
Entry 2004-10-08
cyrus-sasl

<= 1.5.28_3

>= 2.* le 2.1.19

CVE-2004-0884
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104

14ab174c-40ef-11de-9fd5-001bd3385381

cyrus-sasl -- buffer overflow vulnerability

US-CERT reports:

The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.

Discovery 2009-04-08
Entry 2009-05-15
cyrus-sasl

< 2.1.23

CVE-2009-0688
http://www.kb.cert.org/vuls/id/238019