FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-25 08:52:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2e129846-8fbb-11d8-8b29-0020ed76ef5a	MySQL insecure temporary file creation (mysqlbug) Shaun Colley reports that the script `mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes `mysqlbug' and quits without making any* changes*, an arbitrary file may be overwritten with the bug report template. Discovery 2004-03-25 Entry 2004-04-16 Modified 2004-05-21 mysql-client >= 4.0 lt 4.0.20 >= 4.1 lt 4.1.1_2 >= 5.0 lt 5.0.0_2 http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2 http://bugs.mysql.com/bug.php?id=3284 9976 CVE-2004-0381
835256b8-46ed-11d9-8ce0-00065be4b5b6	mysql -- mysql_real_connect buffer overflow vulnerability The mysql_real_connect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems. Note that whether this issue can be exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following words: In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for dns query (i know it sounds funny but read rfc1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from dns's response Discovery 2004-06-04 Entry 2004-12-16 Modified 2005-03-15 mysql-server <= 3.23.58_3 >= 4.* lt 4.0.21 mysql-client <= 3.23.58_3 >= 4.* lt 4.0.21 CVE-2004-0836 10981 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://rhn.redhat.com/errata/RHSA-2004-611.html http://www.osvdb.org/displayvuln.php?osvdb_id=10658

VuXML ID

Description

2e129846-8fbb-11d8-8b29-0020ed76ef5a

MySQL insecure temporary file creation (mysqlbug)

Shaun Colley reports that the script `mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes `mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with the bug report template.

Discovery 2004-03-25
Entry 2004-04-16
Modified 2004-05-21
mysql-client

>= 4.0 lt 4.0.20

>= 4.1 lt 4.1.1_2

>= 5.0 lt 5.0.0_2

http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2
http://bugs.mysql.com/bug.php?id=3284
9976
CVE-2004-0381

835256b8-46ed-11d9-8ce0-00065be4b5b6

mysql -- mysql_real_connect buffer overflow vulnerability

The mysql_real_connect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems.

Note that whether this issue can be exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following words:

In glibc there is a limitation for an IP address to have only 4 bytes (obviously), but generally speaking the length of the address comes with a response for dns query (i know it sounds funny but read rfc1035 if you don't believe). This bug can occur on libraries where gethostbyname function takes length from dns's response

Discovery 2004-06-04
Entry 2004-12-16
Modified 2005-03-15
mysql-server

<= 3.23.58_3

>= 4.* lt 4.0.21

mysql-client

<= 3.23.58_3

>= 4.* lt 4.0.21

CVE-2004-0836
10981
http://bugs.mysql.com/bug.php?id=4017
http://lists.mysql.com/internals/14726
http://rhn.redhat.com/errata/RHSA-2004-611.html
http://www.osvdb.org/displayvuln.php?osvdb_id=10658