FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7d2336c2-4607-11e1-9f47-00e0815b8da8	spamdyke -- Buffer Overflow Vulnerabilities Secunia reports: Fixed a number of very serious errors in the usage of snprintf()/vsnprintf(). The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size. Because the returned value could be larger than the buffer's size, this meant remotely exploitable buffer overflows were possible, depending on spamdyke's configuration. Discovery 2012-01-15 Entry 2012-01-23 spamdyke < 4.3.0 CVE-2012-0802 https://secunia.com/advisories/47548/ http://www.spamdyke.org/documentation/Changelog.txt
a47af810-3a17-11e1-a1be-00e0815b8da8	spamdyke -- STARTTLS Plaintext Injection Vulnerability Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase. Discovery 2012-01-04 Entry 2012-01-08 Modified 2012-01-23 spamdyke < 4.2.1 CVE-2012-0070 http://secunia.com/advisories/47435/ http://www.spamdyke.org/documentation/Changelog.txt

VuXML ID

Description

7d2336c2-4607-11e1-9f47-00e0815b8da8

spamdyke -- Buffer Overflow Vulnerabilities

Secunia reports:

Fixed a number of very serious errors in the usage of snprintf()/vsnprintf().

The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that *could* be printed if the buffer were of infinite size. Because the returned value could be larger than the buffer's size, this meant remotely exploitable buffer overflows were possible, depending on spamdyke's configuration.

Discovery 2012-01-15
Entry 2012-01-23
spamdyke

< 4.3.0

CVE-2012-0802
https://secunia.com/advisories/47548/
http://www.spamdyke.org/documentation/Changelog.txt

a47af810-3a17-11e1-a1be-00e0815b8da8

spamdyke -- STARTTLS Plaintext Injection Vulnerability

Secunia reports:

The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.

Discovery 2012-01-04
Entry 2012-01-08
Modified 2012-01-23
spamdyke

< 4.2.1

CVE-2012-0070
http://secunia.com/advisories/47435/
http://www.spamdyke.org/documentation/Changelog.txt