FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
These are the vulnerabilities relating to the commit you have selected:
|e4403051-a667-11eb-b9c9-6cc21735f730||shibboleth-sp -- denial of service vulnerability|
Shibboleth project reports:
Session recovery feature contains a null pointer dereference.
The cookie-based session recovery feature added in V3.0 contains a
flaw that is exploitable on systems *not* using the feature if a
specially crafted cookie is supplied.
This manifests as a crash in the shibd daemon/service process.
Because it is very simple to trigger this condition remotely, it
results in a potential denial of service condition exploitable by
a remote, unauthenticated attacker.
Affected versions: >= 3.0.0 and < 3.2.1_1
|4f8665d0-0465-11e9-b77a-6cc21735f730||shibboleth-sp -- crashes on malformed date/time content|
The Shibboleth Consortium reports:
SAML messages, assertions, and metadata all commonly contain
date/time information in a standard XML format.
Invalidly formatted data in such fields causes an exception of a type
that was not handled properly in the V3 software and causes a crash
(usually to the shibd daemon process, but possibly to Apache in rare
cases). Note that the crash occurs prior to evaluation of a message's
authenticity, so can be exploited by an untrusted attacker.
The problem is believed to be specific to the V3 software and would
not cause a crash in the older, now unsupported, V2 software.
Affected versions: >= 3.0.0 and < 3.0.3