FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 2e25d38b-54d1-11d9-b612-000c6e8f12ef
Description: jabberd -- denial-of-service vulnerability

José Antonio Calvo discovered a bug in the Jabber 1.x server. According to Matthias Wimmer:

Without this patch, it is possible to remotely crash jabberd14, if there is access to one of the following types of network sockets:

  • Socket accepting client connections
  • Socket accepting connections from other servers
  • Socket connecting to another Jabber server
  • Socket accepting connections from server components
  • Socket connecting to server components

This is any socket on which the jabberd server parses XML!

The problem existed in the included expat XML parser code. This patch removes the included expat code from jabberd14 and links jabberd against an installed version of expat.


Discovery: 2004-09-19
Entry: 2004-12-26
Modified: 2005-01-19
Affected packages:
  jabber < 1.4.3.1

CVE-2004-1378
http://devel.amessage.info/jabberd14/README.html
http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html
VuXML ID: 4c005a5e-2541-4d95-80a0-00c76919aa66
Description: fd_set -- bitmap index overflow in multiple applications

3APA3A reports:

If a programmer fails to check the socket number before using select() or fd_set macros, it's possible to overwrite memory behind the fd_set structure. Very few select() based applications actually check the FD_SETSIZE value. [...]

Depending on the vulnerable application it's possible to overwrite portions of memory. Impact is close to off-by-one overflows, code execution doesn't seem exploitable.


Discovery: 2004-12-12
Entry: 2005-06-17
Modified: 2006-09-03
Affected packages:
  gatekeeper < 2.2.1
  citadel < 6.29
  3proxy < 0.5.b
  jabber < 1.4.3.1_1,1
  jabber = 1.4.4
  bnc < 2.9.3
  rinetd < 0.62_1
  dante < 1.1.15
  bld < 0.3.3

http://www.gotbnc.com/changes.html#2.9.3
http://www.security.nnov.ru/advisories/sockets.asp
http://marc.theaimsgroup.com/?l=bugtraq&m=110660879328901