FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-19 12:13:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
342176a8-f464-11e1-8bd8-0022156e8794	GNU gatekeeper -- denial of service Jan Willamowius reports: GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections. Discovery 2012-08-15 Entry 2012-09-01 gatekeeper < 3.1 CVE-2012-3534 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3534 http://www.openwall.com/lists/oss-security/2012/08/25/4 http://www.gnugk.org/gnugk-3.1.html
4c005a5e-2541-4d95-80a0-00c76919aa66	fd_set -- bitmap index overflow in multiple applications 3APA3A reports: If programmer fails to check socket number before using select() or fd_set macros, it's possible to overwrite memory behind fd_set structure. Very few select() based application actually check FD_SETSIZE value. [...] Depending on vulnerable application it's possible to overwrite portions of memory. Impact is close to off-by-one overflows, code execution doesn't seems exploitable. Discovery 2004-12-12 Entry 2005-06-17 Modified 2006-09-03 gatekeeper < 2.2.1 citadel < 6.29 3proxy < 0.5.b jabber < 1.4.3.1_1,1 = 1.4.4 bnc < 2.9.3 rinetd < 0.62_1 dante < 1.1.15 bld < 0.3.3 http://www.gotbnc.com/changes.html#2.9.3 http://www.security.nnov.ru/advisories/sockets.asp http://marc.theaimsgroup.com/?l=bugtraq&m=110660879328901

VuXML ID

Description

342176a8-f464-11e1-8bd8-0022156e8794

GNU gatekeeper -- denial of service

Jan Willamowius reports:

GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections.

Discovery 2012-08-15
Entry 2012-09-01
gatekeeper

< 3.1

CVE-2012-3534
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3534
http://www.openwall.com/lists/oss-security/2012/08/25/4
http://www.gnugk.org/gnugk-3.1.html

4c005a5e-2541-4d95-80a0-00c76919aa66

fd_set -- bitmap index overflow in multiple applications

3APA3A reports:

If programmer fails to check socket number before using select() or fd_set macros, it's possible to overwrite memory behind fd_set structure. Very few select() based application actually check FD_SETSIZE value. [...]

Depending on vulnerable application it's possible to overwrite portions of memory. Impact is close to off-by-one overflows, code execution doesn't seems exploitable.

Discovery 2004-12-12
Entry 2005-06-17
Modified 2006-09-03
gatekeeper

< 2.2.1

citadel

< 6.29

3proxy

< 0.5.b

jabber

< 1.4.3.1_1,1

= 1.4.4

bnc

< 2.9.3

rinetd

< 0.62_1

dante

< 1.1.15

bld

< 0.3.3

http://www.gotbnc.com/changes.html#2.9.3
http://www.security.nnov.ru/advisories/sockets.asp
http://marc.theaimsgroup.com/?l=bugtraq&m=110660879328901