FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
35f6093c-73c3-11d9-8a93-00065be4b5b6    newsgrab -- directory traversal vulnerability

The newsgrab script creates files by passing the names provided in the newsgroup messages to a Perl open() call. This is done without performing any security checks to prevent a directory traversal. A specially crafted newsgroup message could cause newsgrab to drop an attachment anywhere on the file system using the permissions of the user running the script.


Discovery 2005-01-18
Entry 2005-02-01
newsgrab <= 0.4.0

http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://sourceforge.net/project/shownotes.php?release_id=300562
CVE-2005-0153
cd7e260a-6bff-11d9-a5df-00065be4b5b6    newsgrab -- insecure file and directory creation

The newsgrab script uses insecure permissions during the creation of the local output directory and downloaded files.

After a file is created, permissions on it are set using the mode value of the newsgroup posting. This can potentially be a problem when the mode is not restrictive enough. In addition, the output directory is created with world-writable permissions, allowing other users to drop symlinks or other files at that location.


Discovery 2005-01-18
Entry 2005-02-01
newsgrab <= 0.4.0

http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://sourceforge.net/project/shownotes.php?release_id=300562
CVE-2005-0154