FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC.


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: bd579366-5290-11d9-ac20-00065be4b5b6
Description: greed -- insecure GRX file processing

A buffer overflow vulnerability has been detected in the greed URL handling code. The bug is especially a problem when greed is used to process GRX (GetRight) files that originate from untrusted sources.

The bug finder, Manigandan Radhakrishnan, gave the following description:

Here are the bugs. First, in main.c, DownloadLoop() uses strcat() to copy an input filename to the end of a 128-byte COMMAND array. Second, DownloadLoop() passes the input filename to system() without checking for special characters such as semicolons.


Discovery 2004-12-15
Entry 2005-01-03
Modified 2005-01-13
greed le 0.81p

CVE-2004-1273
CVE-2004-1274
http://tigger.uic.edu/~jlongs2/holes/greed.txt
http://secunia.com/advisories/13534/
http://marc.theaimsgroup.com/?l=bugtraq&m=110321888413132