FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5f0dd349-40a2-11ea-8d8c-005056a311d1samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2019-14902

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers.

CVE-2019-14907

When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs.

CVE-2019-19344

During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed.


Discovery 2020-01-14
Entry 2020-01-27
samba410
lt 4.10.12

samba411
lt 4.11.4

https://www.samba.org/samba/history/samba-4.10.12.html
CVE-2019-14902
CVE-2019-14907
CVE-2019-19344
ae599263-bca2-11ea-b78f-b42e99a1b9c3samba -- Multiple Vulnerabilities

The Samba Team reports:

Four vulnerabilities were fixed in samba:

  • CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results
  • CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU in the AD DC (only)
  • CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV
  • CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd

Discovery 2020-07-02
Entry 2020-07-02
samba410
lt 4.10.17

samba411
lt 4.11.11

samba412
lt 4.12.4

https://www.samba.org/samba/security/CVE-2020-10730.html
https://www.samba.org/samba/security/CVE-2020-10745.html
https://www.samba.org/samba/security/CVE-2020-10760.html
https://www.samba.org/samba/security/CVE-2020-14303.html
CVE-2020-10730
CVE-2020-10745
CVE-2020-10760
CVE-2020-14303
1edae47e-1cdd-11ea-8c2a-08002743b791samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2019-14861:

An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name.

CVE-2019-14870:

The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC.


Discovery 2019-12-10
Entry 2019-12-12
samba48
ge 4.8.0

samba410
lt 4.10.11

samba411
lt 4.11.3

https://www.samba.org/samba/history/samba-4.10.11.html
CVE-2019-14861
CVE-2019-14870
3c7911c9-8a29-11ea-8d8c-005056a311d1samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2020-10700

A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server.

CVE-2020-10704

A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV.


Discovery 2020-04-29
Entry 2020-04-29
samba410
lt 4.10.15

samba411
lt 4.11.8

samba412
lt 4.12.2

https://www.samba.org/samba/history/samba-4.12.2.html
CVE-2020-10700
CVE-2020-10704
24ace516-fad7-11ea-8d8c-005056a311d1samba -- Unauthenticated domain takeover via netlogon

The Samba Team reports:

An unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw.


Discovery 2020-01-01
Entry 2020-09-20
samba410
lt 4.10.18

samba411
lt 4.11.13

samba412
lt 4.12.7

https://www.samba.org/samba/security/CVE-2020-1472.html
CVE-2020-1472
9ca85b7c-1b31-11eb-8762-005056a311d1samba -- Multiple Vulnerabilities

The Samba Team reports:

  • CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
  • CVE-2020-14323: Unprivileged user can crash winbind
  • CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records

Discovery 2020-10-29
Entry 2020-10-30
samba410
le 4.10.18

samba411
lt 4.11.15

samba412
lt 4.12.9

samba413
lt 4.13.1

https://www.samba.org/samba/security/CVE-2020-14318.html
https://www.samba.org/samba/security/CVE-2020-14323.html
https://www.samba.org/samba/security/CVE-2020-14383.html
CVE-2020-14318
CVE-2020-14323
CVE-2020-14383