FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2025-01-29 21:10:00 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
21f43976-1887-11ed-9911-40b034429ecf | rsync -- client-side arbitrary file write vulnerability
Openwall oss-security reports:
We have discovered a critical arbitrary file write vulnerability
in the rsync utility that allows malicious remote servers to write
arbitrary files inside the directories of connecting peers.
The server chooses which files/directories are sent to the client.
Due to the insufficient controls inside the do_server_recv function
a malicious rsync server (or Man-in-The-Middle attacker) can
overwrite arbitrary files in the rsync client target directory and
subdirectories.
Discovery: 2022-08-02, Entry: 2022-08-10, Affected: rsync < 3.2.5
CVE-2022-29154
https://www.openwall.com/lists/oss-security/2022/08/02/1
|
163edccf-d2ba-11ef-b10e-589cfc10a551 | rsync -- Multiple security fixes
rsync reports:
This update includes multiple security fixes:
- CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing
- CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR
- CVE-2024-12086: Server leaks arbitrary client files
- CVE-2024-12087: Server can make client write files outside of destination directory using symbolic links
- CVE-2024-12088: --safe-links Bypass
- CVE-2024-12747: symlink race condition
Discovery: 2025-01-14, Entry: 2025-01-14, Affected: rsync < 3.4.0
CVE-2024-12084
CVE-2024-12085
CVE-2024-12086
CVE-2024-12087
CVE-2024-12088
CVE-2024-12747
|