FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-17 07:51:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
085399ab-dfd7-11ea-96e4-80ee73bc7b66	net/rsync -- multiple zlib issues rsync developers reports: Various zlib fixes, including security fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840 Discovery 2020-06-19 Entry 2020-08-16 rsync < 3.2.0 https://download.samba.org/pub/rsync/NEWS#3.2.0 CVE-2016-9843 CVE-2016-9842 CVE-2016-9841 CVE-2016-9840
af8e3a0c-5009-11dc-8a43-003048705d5a	rsync -- off by one stack overflow BugTraq reports: The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility. Discovery 2007-08-15 Entry 2007-08-21 Modified 2007-08-23 rsync < 2.6.9_1 25336 CVE-2007-4091
21f43976-1887-11ed-9911-40b034429ecf	rsync -- client-side arbitrary file write vulnerability Openwall oss-security reports: We have discovered a critical arbitrary file write vulnerability in the rsync utility that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. Due to the insufficient controls inside the do_server_recv function a malicious rysnc server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories. Discovery 2022-08-02 Entry 2022-08-10 rsync < 3.2.5 CVE-2022-29154 https://www.openwall.com/lists/oss-security/2022/08/02/1

VuXML ID

Description

085399ab-dfd7-11ea-96e4-80ee73bc7b66

net/rsync -- multiple zlib issues

rsync developers reports:

Various zlib fixes, including security fixes for CVE-2016-9843, CVE-2016-9842, CVE-2016-9841, and CVE-2016-9840

Discovery 2020-06-19
Entry 2020-08-16
rsync

< 3.2.0

https://download.samba.org/pub/rsync/NEWS#3.2.0
CVE-2016-9843
CVE-2016-9842
CVE-2016-9841
CVE-2016-9840

af8e3a0c-5009-11dc-8a43-003048705d5a

rsync -- off by one stack overflow

BugTraq reports:

The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input.

Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility.

Discovery 2007-08-15
Entry 2007-08-21
Modified 2007-08-23
rsync

< 2.6.9_1

25336
CVE-2007-4091

21f43976-1887-11ed-9911-40b034429ecf

rsync -- client-side arbitrary file write vulnerability

Openwall oss-security reports:

We have discovered a critical arbitrary file write vulnerability in the rsync utility that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. Due to the insufficient controls inside the do_server_recv function a malicious rysnc server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories.

Discovery 2022-08-02
Entry 2022-08-10
rsync

< 3.2.5

CVE-2022-29154
https://www.openwall.com/lists/oss-security/2022/08/02/1