FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28 | glibc -- getaddrinfo stack-based buffer overflow
Fabio Olive Leite reports:
A stack-based buffer overflow was found in libresolv when invoked
from nss_dns, allowing specially crafted DNS responses to seize
control of EIP in the DNS client. The buffer overflow occurs in the
functions send_dg (send datagram) and send_vc (send TCP) for the
NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
family, or in some cases AF_INET6 family. The use of AF_UNSPEC (or
AF_INET6 in some cases) triggers the low-level resolver code to
send out two parallel queries for A and AAAA. A mismanagement of
the buffers used for those queries could result in the response of
a query writing beyond the alloca allocated buffer created by
__res_nquery.
Discovery 2016-02-16, Entry 2016-02-18
Affected packages:
linux_base-c6, linux_base-c6_64 < 6.7_1
linux_base-f10 >= 0
References:
CVE-2015-7547
ports/207272
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547
https://blog.des.no/2016/02/freebsd-and-cve-2015-7547/
https://googleonlinesecurity.blogspot.no/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
|
0765de84-a6c1-11e4-a0c1-c485083ca99c | glibc -- gethostbyname buffer overflow
Robert Krátký reports:
GHOST is a 'buffer overflow' bug affecting the gethostbyname() and
gethostbyname2() function calls in the glibc library. This
vulnerability allows a remote attacker that is able to make an
application call to either of these functions to execute arbitrary
code with the permissions of the user running the application.
The gethostbyname() function calls are used for DNS resolving, which
is a very common event. To exploit this vulnerability, an attacker
must trigger a buffer overflow by supplying an invalid hostname
argument to an application that performs a DNS resolution.
Discovery 2015-01-27, Entry 2015-01-28, Modified 2015-02-02
Affected packages:
linux_base-c6 < 6.6_2
linux_base-f10 >= 0
linux-c6-devtools < 6.6_3
linux-f10-devtools >= 0
References:
CVE-2015-0235
https://access.redhat.com/articles/1332213
http://www.openwall.com/lists/oss-security/2015/01/27/9
|