FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a47af810-3a17-11e1-a1be-00e0815b8da8spamdyke -- STARTTLS Plaintext Injection Vulnerability

Secunia reports:

The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase.


Discovery 2012-01-04
Entry 2012-01-08
Modified 2012-01-23
spamdyke
< 4.2.1

CVE-2012-0070
http://secunia.com/advisories/47435/
http://www.spamdyke.org/documentation/Changelog.txt
7d2336c2-4607-11e1-9f47-00e0815b8da8spamdyke -- Buffer Overflow Vulnerabilities

Secunia reports:

Fixed a number of very serious errors in the usage of snprintf()/vsnprintf().

The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that *could* be printed if the buffer were of infinite size. Because the returned value could be larger than the buffer's size, this meant remotely exploitable buffer overflows were possible, depending on spamdyke's configuration.


Discovery 2012-01-15
Entry 2012-01-23
spamdyke
< 4.3.0

CVE-2012-0802
https://secunia.com/advisories/47548/
http://www.spamdyke.org/documentation/Changelog.txt