FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
e917caba-e291-11e9-89f1-152fed202bb7 | Exim -- heap-based buffer overflow in string_vformat leading to RCE

Exim developers team report:

There is a heap overflow in string_vformat(). Using a EHLO message, remote code execution seems to be possible.


Discovery 2019-09-28
Entry 2019-09-29
exim
>= 4.92, < 4.92.3

https://www.openwall.com/lists/oss-security/2019/09/28/1
3e0da406-aece-11e9-8d41-97657151f8c2 | Exim -- RCE in ${sort} expansion

Exim team report:

A local or remote attacker can execute programs with root privileges - if you've an unusual configuration.

If your configuration uses the ${sort } expansion for items that can be controlled by an attacker (e.g. $local_part, $domain). The default config, as shipped by the Exim developers, does not contain ${sort }.

The vulnerability is exploitable either remotely or locally and could be used to execute other programs with root privilege. The ${sort } expansion re-evaluates its items.

Exim 4.92.1 is not vulnerable.


Discovery 2019-07-18
Entry 2019-07-25
Modified 2019-07-26
exim
>= 4.85, < 4.92.1

CVE-2019-13917
https://www.exim.org/static/doc/security/CVE-2019-13917.txt
61db9b88-d091-11e9-8d41-97657151f8c2 | Exim -- RCE with root privileges in TLS SNI handler

Exim developers report:

If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS library, so both, GnuTLS and OpenSSL are affected.

The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake. The exploit exists as a POC. For more details see the document qualys.mbx


Discovery 2019-09-02
Entry 2019-09-06
exim
< 4.92.2

https://git.exim.org/exim.git/blob_plain/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt