FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-05-20 02:15:38 UTC.

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
613e45d1-6154-11e3-9b62-000c292e4fd8  samba -- multiple vulnerabilities

The Samba project reports:

These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).


Discovery 2012-06-12
Entry 2013-12-11
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.22

samba4
gt 4.0.* lt 4.0.13

samba41
gt 4.1.* lt 4.1.3

CVE-2012-6150
CVE-2013-4408
http://www.samba.org/samba/security/CVE-2012-6150
http://www.samba.org/samba/security/CVE-2013-4408
e21c7c7a-0116-11e3-9e83-3c970e169bc2  samba -- denial of service vulnerability

The Samba project reports:

All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service.

A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed.


Discovery 2013-08-05
Entry 2013-08-09
Modified 2013-08-09
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.17

samba4
gt 4.0.* lt 4.0.8

CVE-2013-4124
http://www.samba.org/samba/security/CVE-2013-4124
479efd57-516e-11e3-9b62-000c292e4fd8  samba -- Private key in key.pem world readable

The Samba project reports:

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.


Discovery 2013-06-12
Entry 2013-11-19
samba4
gt 4.0.* lt 4.0.11

samba41
gt 4.1.* lt 4.1.1

CVE-2013-4476
http://www.samba.org/samba/security/CVE-2013-4476
03e48bf5-a96d-11e3-a556-3c970e169bc2  samba -- multiple vulnerabilities

The Samba project reports:

In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly.

This is available without any other authentication.

smbcacls can remove a file or directory ACL by mistake.


Discovery 2014-03-11
Entry 2014-03-11
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.23

samba4
gt 4.0.* lt 4.0.16

samba41
gt 4.1.* lt 4.1.6

CVE-2013-4496
CVE-2013-6442
http://www.samba.org/samba/security/CVE-2013-4496
http://www.samba.org/samba/security/CVE-2013-6442
6ad309d9-fb03-11e3-bebd-000c2980a9f3  samba -- multiple vulnerabilities

The Samba project reports:

A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service.

Valid unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-unicode request.


Discovery 2014-06-23
Entry 2014-06-23
samba36
< 3.6.24

samba4
< 4.0.19

samba41
< 4.1.9

CVE-2014-0244
CVE-2014-3493
https://www.samba.org/samba/security/CVE-2014-0244
https://www.samba.org/samba/security/CVE-2014-3493
a4f08579-516c-11e3-9b62-000c292e4fd8  samba -- ACLs are not checked on opening an alternate data stream on a file or directory

The Samba project reports:

Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying file or directory ACL when opening an alternate data stream.

According to the SMB1 and SMB2+ protocols the ACL on an underlying file or directory should control what access is allowed to alternate data streams that are associated with the file or directory.


Discovery 2013-06-12
Entry 2013-11-19
samba34
gt 0

samba35
gt 0

samba36
gt 3.6.* lt 3.6.20

samba4
gt 4.0.* lt 4.0.11

samba41
gt 4.1.* lt 4.1.1

CVE-2013-4475
http://www.samba.org/samba/security/CVE-2013-4475