FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 06:51:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b0f3ab1f-1f3b-11e2-8fe9-0022156e8794	Exim -- remote code execution This vulnerability affects Exim instances built with DKIM enabled (this is the default for FreeBSD Exim port) and running verification of DKIM signatures on the incoming mail messages. Phil Penncock reports: This is a SECURITY release, addressing a CRITICAL remote code execution flaw in versions of Exim between 4.70 and 4.80 inclusive, when built with DKIM support (the default). This security vulnerability can be exploited by anyone who can send email from a domain for which they control the DNS. You are not vulnerable if you built Exim with DISABLE_DKIM or if you put this at the start of an ACL plumbed into acl_smtp_connect or acl_smtp_rcpt: warn control = dkim_disable_verify Discovery 2012-10-25 Entry 2012-10-26 exim ge 4.70 lt 4.80.1 CVE-2012-5671 https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html
7d09b9ee-e0ba-11e5-abc4-6fb07af136d2	exim -- local privillege escalation The Exim development team reports: All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be safe. Discovery 2016-02-26 Entry 2016-03-02 exim < 4.86.2 < 4.85.2 < 4.84.2 CVE-2016-1531 https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
316b3c3e-0e98-11e8-8d41-97657151f8c2	exim -- a buffer overflow vulnerability, remote code execution Exim developers report: There is a buffer overflow in base64d(), if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible. Discovery 2018-02-05 Entry 2018-02-10 exim < 4.90.1 https://exim.org/static/doc/security/CVE-2018-6789.txt
e7002b26-caaa-11e6-a76a-9f7324e5534e	exim -- DKIM private key leak The Exim project reports: Exim leaks the private DKIM signing key to the log files. Additionally, if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material is included in the bounce message. Discovery 2016-12-15 Entry 2016-12-25 exim gt 4.69 lt 4.87.1 https://exim.org/static/doc/CVE-2016-9963.txt CVE-2016-9963
7d09b9ee-e0ba-11e5-abc4-6fb07af136d2	exim -- local privillege escalation The Exim development team reports: All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be safe. Discovery 2016-02-26 Entry 2016-03-02 exim < 4.86.2 < 4.85.2 < 4.84.2 CVE-2016-1531 https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
7d09b9ee-e0ba-11e5-abc4-6fb07af136d2	exim -- local privillege escalation The Exim development team reports: All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally any user) can gain root privileges. If you do not use 'perl_startup' you should be safe. Discovery 2016-02-26 Entry 2016-03-02 exim < 4.86.2 < 4.85.2 < 4.84.2 CVE-2016-1531 https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
61db9b88-d091-11e9-8d41-97657151f8c2	Exim -- RCE with root privileges in TLS SNI handler Exim developers report: If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected. The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC. For more details see the document qualys.mbx Discovery 2019-09-02 Entry 2019-09-06 exim < 4.92.2 https://git.exim.org/exim.git/blob_plain/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt
8c1a271d-56cf-11e7-b9fe-c13eb7bcbf4f	exim -- Privilege escalation via multiple memory leaks Qualsys reports: Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Discovery 2017-06-19 Entry 2017-06-21 exim < 4.89_1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369