FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2c2d4e83-2370-11e0-a91b-00e0815b8da8	tarsnap -- cryptographic nonce reuse Colin Percival reports: In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. (The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk.) Note that since the Tarsnap client-server protocol is encrypted, being able to intercept Tarsnap client-server traffic does not provide an attacker with access to the data. Discovery 2011-01-18 Entry 2011-01-19 tarsnap ge 1.0.22 le 1.0.27 http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html
2fe40238-480f-11e5-adde-14dae9d210b8	tarsnap -- buffer overflow and local DoS Colin Percival reports: 1. SECURITY FIX: When constructing paths of objects being archived, a buffer could overflow by one byte upon encountering 1024, 2048, 4096, etc. byte paths. Theoretically this could be exploited by an unprivileged user whose files are being archived; I do not believe it is exploitable in practice, but I am offering a $1000 bounty for the first person who can prove me wrong: http://www.daemonology.net/blog/2015-08-21-tarsnap-1000-exploit-bounty.html 2. SECURITY FIX: An attacker with a machine's write keys, or with read keys and control of the tarsnap service, could make tarsnap allocate a large amount of memory upon listing archives or reading an archive the attacker created; on 32-bit machines, tarsnap can be caused to crash under the aforementioned conditions. Discovery 2015-08-21 Entry 2015-08-21 tarsnap < 1.0.36 http://mail.tarsnap.com/tarsnap-announce/msg00032.html http://www.daemonology.net/blog/2015-08-21-tarsnap-1000-exploit-bounty.html

VuXML ID

Description

2c2d4e83-2370-11e0-a91b-00e0815b8da8

tarsnap -- cryptographic nonce reuse

Colin Percival reports:

In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. (The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk.)

Note that since the Tarsnap client-server protocol is encrypted, being able to intercept Tarsnap client-server traffic does not provide an attacker with access to the data.

Discovery 2011-01-18
Entry 2011-01-19
tarsnap

ge 1.0.22 le 1.0.27

http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html

2fe40238-480f-11e5-adde-14dae9d210b8

tarsnap -- buffer overflow and local DoS

Colin Percival reports:

1. SECURITY FIX: When constructing paths of objects being archived, a buffer could overflow by one byte upon encountering 1024, 2048, 4096, etc. byte paths. Theoretically this could be exploited by an unprivileged user whose files are being archived; I do not believe it is exploitable in practice, but I am offering a $1000 bounty for the first person who can prove me wrong: http://www.daemonology.net/blog/2015-08-21-tarsnap-1000-exploit-bounty.html

2. SECURITY FIX: An attacker with a machine's write keys, or with read keys and control of the tarsnap service, could make tarsnap allocate a large amount of memory upon listing archives or reading an archive the attacker created; on 32-bit machines, tarsnap can be caused to crash under the aforementioned conditions.

Discovery 2015-08-21
Entry 2015-08-21
tarsnap

< 1.0.36

http://mail.tarsnap.com/tarsnap-announce/msg00032.html
http://www.daemonology.net/blog/2015-08-21-tarsnap-1000-exploit-bounty.html