FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1edae47e-1cdd-11ea-8c2a-08002743b791samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2019-14861:

An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name.

CVE-2019-14870:

The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC.


Discovery 2019-12-10
Entry 2019-12-12
samba48
ge 4.8.0

samba410
< 4.10.11

samba411
< 4.11.3

https://www.samba.org/samba/history/samba-4.10.11.html
CVE-2019-14861
CVE-2019-14870
793a0072-7822-11e9-81e2-005056a311d1samba -- multiple vulnerabilities

The samba project reports:

The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the requested target (client) principal

Authenticated users with write permission can trigger a symlink traversal to write or detect files outside the Samba share.


Discovery 2019-05-14
Entry 2019-05-14
samba46
le 4.6.16

samba47
le 4.7.12

samba48
< 4.8.12

samba49
< 4.9.8

samba410
< 4.10.3

https://www.samba.org/samba/security/CVE-2018-16860.html
CVE-2018-16860
https://www.samba.org/samba/security/CVE-2019-3880.html
CVE-2019-3880
54976998-f248-11e8-81e2-005056a311d1samba -- multiple vulnerabilities

The samba project reports:

All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue.

When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ.

During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process.

During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate

A user in a Samba AD domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration.

AD DC Configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all.


Discovery 2018-08-14
Entry 2018-08-14
samba46
le 4.6.16

samba47
< 4.7.12

samba48
< 4.8.7

samba49
< 4.9.3

https://www.samba.org/samba/security/CVE-2018-14629.html
CVE-2018-14629
https://www.samba.org/samba/security/CVE-2018-16841.html
CVE-2018-16841
https://www.samba.org/samba/security/CVE-2018-16851.html
CVE-2018-16851
https://www.samba.org/samba/security/CVE-2018-16852.html
CVE-2018-16852
https://www.samba.org/samba/security/CVE-2018-16853.html
CVE-2018-16853
https://www.samba.org/samba/security/CVE-2018-16857.html
CVE-2018-16857
50a1bbc9-fb80-11e9-9e70-005056a311d1samba -- multiple vulnerabilities

The samba project reports:

Malicious servers can cause Samba client code to return filenames containing path separators to calling code.

When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.

Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.


Discovery 2019-09-29
Entry 2019-10-29
samba48
le 4.8.12

samba410
< 4.10.10

samba411
< 4.11.2

https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10218
https://www.samba.org/samba/security/CVE-2019-14833.html
CVE-2019-14833
https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14847