FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
017a493f-7db6-11e5-a762-14dae9d210b8  openafs -- information disclosure

The OpenAFS development team reports:

When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0 through 1.7.32 include a variable-length padding at the end of the ACK packet, in an attempt to detect the path MTU, but only four octets of the additional padding are initialized (CVE-2015-7763).


Discovery 2015-10-28
Entry 2015-10-28
openafs
< 1.6.15

http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt
CVE-2015-7762
CVE-2015-7763
0bf376b7-cc6b-11e2-a424-14dae938ec40  net/openafs -- buffer overflow

Nickolai Zeldovich reports:

An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server.


Discovery 2013-02-27
Entry 2013-06-03
openafs
< 1.6.2.*

http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt
CVE-2013-1794
2e8fe57e-2b46-11e6-ae88-002590263bf5  openafs -- local DoS vulnerability

The OpenAFS development team reports:

Avoid a potential denial of service issue, by fixing a bug in pioctl logic that allowed a local user to overrun a kernel buffer with a single NUL byte.


Discovery 2016-03-16
Entry 2016-06-05
openafs
< 1.6.16

CVE-2015-8312
https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16
bcbd3fe0-2b46-11e6-ae88-002590263bf5  openafs -- multiple vulnerabilities

The OpenAFS development team reports:

Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace.

The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, the information leaked may come from kernel memory or userspace.


Discovery 2016-03-16
Entry 2016-06-05
openafs
< 1.6.17

CVE-2016-2860
CVE-2016-4536
ports/209534
http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
c0c31b27-bff3-11e3-9d09-000c2980a9f3  openafs -- Denial of Service

The OpenAFS development team reports:

An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server.

The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information.

Clients are not affected.


Discovery 2014-04-09
Entry 2014-04-09
openafs
>= 1.4.8 < 1.6.7

CVE-2014-0159
http://openafs.org/security/OPENAFS-SA-2014-001.txt
c4d412c8-f4d1-11e2-b86c-000c295229d5  openafs -- single-DES cell-wide key brute force vulnerability

OpenAFS Project reports:

The small size of the DES key space permits an attacker to brute force a cell's service key and then forge traffic from any user within the cell. The key space search can be performed in under 1 day at a cost of around $100 using publicly available services.


Discovery 2013-07-24
Entry 2013-07-25
openafs
< 1.6.5

CVE-2013-4134
http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt
http://openafs.org/pages/security/how-to-rekey.txt
http://openafs.org/pages/security/install-rxkad-k5-1.6.txt