FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cd97c7ca-f079-11ea-9c31-001b216d295b	Multi-link PPP protocol daemon MPD5 remotely exploitable crash Version 5.9 contains security fix for L2TP clients and servers. Insufficient validation of incoming L2TP control packet specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 4.0 that brought in initial support for L2TP. Installations not using L2TP clients nor L2TP server configuration were not affected. Discovery 2020-09-04 Entry 2020-09-06 Modified 2020-09-07 mpd5 < 5.9 CVE-2020-7465 CVE-2020-7466 http://mpd.sourceforge.net/doc5/mpd4.html#4
3749ae9e-f132-11ea-97da-d05099c0ae8c	MPD -- multiple vulnerabilities Chen Nan of Chaitin Security Research Lab reports: Fix buffer overflow introduced in version 5.8: processing of template %aX in a RADIUS authentication response might lead to unexpected termination of the mpd5 process. Installations not using RADIUS or not using %aX templates in RADIUS attributes were not affected. Fix buffer overflow in parsing of L2TP control packets introduced in version 4.0 that initially brought in L2TP support: a specially crafted incoming L2TP control packet might lead to unexpected termination of the process. Installations with neither L2TP clients nor L2TP server configured are not affected. Discovery 2020-09-06 Entry 2020-09-07 mpd5 < 5.9 CVE-2020-7465 CVE-2020-7466 http://mpd.sourceforge.net/doc5/mpd4.html#4
f55921aa-10c9-11ec-8647-00e0670f2660	MPD5 PPPoE Server remotely exploitable crash Version 5.9_2 contains security fix for PPPoE servers. Insufficient validation of incoming PPPoE Discovery request specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 5.0. Installations not using PPPoE server configuration were not affected. Discovery 2021-09-04 Entry 2021-09-09 mpd5 ge 5.0 lt 5.9_2 http://mpd.sourceforge.net/doc5/mpd4.html#4

VuXML ID

Description

cd97c7ca-f079-11ea-9c31-001b216d295b

Multi-link PPP protocol daemon MPD5 remotely exploitable crash

Version 5.9 contains security fix for L2TP clients and servers. Insufficient validation of incoming L2TP control packet specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 4.0 that brought in initial support for L2TP. Installations not using L2TP clients nor L2TP server configuration were not affected.

Discovery 2020-09-04
Entry 2020-09-06
Modified 2020-09-07
mpd5

< 5.9

CVE-2020-7465
CVE-2020-7466
http://mpd.sourceforge.net/doc5/mpd4.html#4

3749ae9e-f132-11ea-97da-d05099c0ae8c

MPD -- multiple vulnerabilities

Chen Nan of Chaitin Security Research Lab reports:

Fix buffer overflow introduced in version 5.8: processing of template %aX in a RADIUS authentication response might lead to unexpected termination of the mpd5 process. Installations not using RADIUS or not using %aX templates in RADIUS attributes were not affected.

Fix buffer overflow in parsing of L2TP control packets introduced in version 4.0 that initially brought in L2TP support: a specially crafted incoming L2TP control packet might lead to unexpected termination of the process. Installations with neither L2TP clients nor L2TP server configured are not affected.

Discovery 2020-09-06
Entry 2020-09-07
mpd5

< 5.9

CVE-2020-7465
CVE-2020-7466
http://mpd.sourceforge.net/doc5/mpd4.html#4

f55921aa-10c9-11ec-8647-00e0670f2660

MPD5 PPPoE Server remotely exploitable crash

Version 5.9_2 contains security fix for PPPoE servers. Insufficient validation of incoming PPPoE Discovery request specially crafted by unauthenticated user might lead to unexpected termination of the process. The problem affects mpd versions since 5.0. Installations not using PPPoE server configuration were not affected.

Discovery 2021-09-04
Entry 2021-09-09
mpd5

ge 5.0 lt 5.9_2

http://mpd.sourceforge.net/doc5/mpd4.html#4