FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 88ff90f2-6e43-11d9-8c87-000a95bc6fae
Description: mod_dosevasive -- insecure temporary file creation

An LSS Security Advisory reports:

When a denial of service attack is detected, mod_dosevasive will, among other things, create a temporary file which it will use to trace actions from the offensive IP address. This file is insecurely created in /tmp and its name is easily predictable.

It is then easy for an attacker to create arbitrary files in any directory that the user under which apache runs has privileges to write.

[...] once the target file is opened, there is a race attack (although difficult to exploit) which can lead to mod_dosevasive overwriting any file that the user under which apache runs has privileges to write.


Discovery: 2005-01-04
Entry: 2005-01-24
Modified: 2005-02-22
Affected package: mod_dosevasive20 < 1.10

ports/77513
http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-01
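
The file-creation problem the advisory describes, shown as an added C example (not mod_dosevasive's code and not part of the advisory): a symlink sits at a predictable name, and a plain create/truncate open follows it while an exclusive open refuses it. The file name, the scratch directory and all function names are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory warns about: a predictable name opened with plain
 * create/truncate semantics, so a symlink already at that name is followed. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: O_EXCL fails if anything (a symlink included) already
 * exists at the path; O_NOFOLLOW refuses a symlink as the last component. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Place a symlink at a predictable name inside a private scratch directory,
 * open that name, and report whether the symlink's target got created.
 * Returns 1 if the target was created, 0 if not, -1 on setup failure. */
int target_created_via(int hardened) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char link_path[128], target[128];
    struct stat st;

    if (mkdtemp(dir) == NULL) return -1;
    /* Constructed file name; the page does not give the module's pattern. */
    snprintf(link_path, sizeof link_path, "%s/trace-192.0.2.1", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, link_path) != 0) { rmdir(dir); return -1; }

    int fd = hardened ? open_exclusive(link_path) : open_predictable(link_path);
    if (fd >= 0) close(fd);
    int created = (lstat(target, &st) == 0);

    unlink(target);
    unlink(link_path);
    rmdir(dir);
    return created;
}

int main(void) {
    printf("predictable open created target: %d\n", target_created_via(0));
    printf("exclusive open created target:   %d\n", target_created_via(1));
    return 0;
}
```

Where the file name does not need to be meaningful, `mkstemp()` gives the same exclusive-create guarantee with an unpredictable name.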