FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0c6f3fde-9c51-11d8-9366-0020ed76ef5aMidnight Commander buffer overflows, format string bugs, and insecure temporary file handling

Jakub Jelinek reports several security related bugs in Midnight Commander, including:

  • Multiple buffer overflows (CVE-2004-0226)
  • Insecure temporary file handling (CVE-2004-0231)
  • Format string bug (CVE-2004-0232)

Discovery 2004-04-29
Entry 2004-05-02
Modified 2004-06-14
mc
< 4.6.0_10

CVE-2004-0226
CVE-2004-0231
CVE-2004-0232
2b2b333b-6bd3-11d9-95f8-000a95bc6faemc -- multiple vulnerabilities

Andrew V. Samoilov reported several vulnerabilities that were corrected in MidnightCommand 4.6.0:

  • Format string issues (CVE-2004-1004)
  • Buffer overflows (CVE-2004-1005)
  • Denial-of-service, infinite loop (CVE-2004-1009)
  • Denial-of-service, corrupted section header (CVE-2004-1090)
  • Denial-of-service, null pointer dereference (CVE-2004-1091)
  • Freeing unallocated memory (CVE-2004-1092)
  • Using already freed memory (CVE-2004-1093)

Discovery 2004-12-01
Entry 2005-01-21
mc
< 4.6.0

CVE-2004-1004
CVE-2004-1005
CVE-2004-1009
CVE-2004-1090
CVE-2004-1091
CVE-2004-1092
CVE-2004-1093
322d4ff6-85c3-11d8-a41f-0020ed76ef5aMidnight Commander buffer overflow during symlink resolution

Midnight Commander uses a fixed sized stack buffer while resolving symbolic links within file archives (tar or cpio). If an attacker can cause a user to process a specially crafted file archive with Midnight Commander, the attacker may be able to obtain the privileges of the target user.


Discovery 2003-09-19
Entry 2004-04-03
Modified 2004-04-13
mc
< 4.6.0_9

CVE-2003-1023
http://marc.theaimsgroup.com/?l=bugtraq&m=106399528518704
8658
7884d56f-f7a1-11d8-9837-000c41e2cdadgnomevfs -- unsafe URI handling

Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of `extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially-crafted URI, arbitrary commands can be executed with the privileges of the victim.


Discovery 2004-08-04
Entry 2004-08-26
gnomevfs2
< 2.6.2_1

gnomevfs
< 1.0.5_6

mc
le 4.6.0_12

CVE-2004-0494
10864
http://www.ciac.org/ciac/bulletins/o-194.shtml
http://xforce.iss.net/xforce/xfdb/16897
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127263