FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c4b025bb-f05d-11d8-9837-000c41e2cdad	tnftpd -- remotely exploitable vulnerability lukemftpd(8) is an enhanced BSD FTP server produced within the NetBSD project. The sources for lukemftpd are shipped with some versions of FreeBSD, however it is not built or installed by default. The build system option WANT_LUKEMFTPD must be set to build and install lukemftpd. [NOTE: An exception is FreeBSD 4.7-RELEASE, wherein lukemftpd was installed, but not enabled, by default.] Przemyslaw Frasunek discovered several vulnerabilities in lukemftpd arising from races in the out-of-band signal handling code used to implement the ABOR command. As a result of these races, the internal state of the FTP server may be manipulated in unexpected ways. A remote attacker may be able to cause FTP commands to be executed with the privileges of the running lukemftpd process. This may be a low-privilege `ftp' user if the `-r' command line option is specified, or it may be superuser privileges if `-r' is not specified. Discovery 2004-08-17 Entry 2004-08-17 Modified 2016-08-11 tnftpd < 20040810 lukemftpd >= 0 FreeBSD <= 4.7 CVE-2004-0794 10967 http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc http://lists.netsys.com/pipermail/full-disclosure/2004-August/025418.html
e969e6cb-8911-11db-9d01-0016179b2dd5	tnftpd -- Remote root Exploit The tnftpd port suffer from a remote stack overrun, which can lead to a root compromise. Discovery 2006-12-01 Entry 2006-12-11 Modified 2010-05-12 tnftpd < 20040810 CVE-2006-6652 http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051009.html

VuXML ID

Description

c4b025bb-f05d-11d8-9837-000c41e2cdad

tnftpd -- remotely exploitable vulnerability

lukemftpd(8) is an enhanced BSD FTP server produced within the NetBSD project. The sources for lukemftpd are shipped with some versions of FreeBSD, however it is not built or installed by default. The build system option WANT_LUKEMFTPD must be set to build and install lukemftpd. [NOTE: An exception is FreeBSD 4.7-RELEASE, wherein lukemftpd was installed, but not enabled, by default.]

Przemyslaw Frasunek discovered several vulnerabilities in lukemftpd arising from races in the out-of-band signal handling code used to implement the ABOR command. As a result of these races, the internal state of the FTP server may be manipulated in unexpected ways.

A remote attacker may be able to cause FTP commands to be executed with the privileges of the running lukemftpd process. This may be a low-privilege `ftp' user if the `-r' command line option is specified, or it may be superuser privileges if `-r' is *not* specified.

Discovery 2004-08-17
Entry 2004-08-17
Modified 2016-08-11
tnftpd

< 20040810

lukemftpd

>= 0

FreeBSD

<= 4.7

CVE-2004-0794
10967
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc
http://lists.netsys.com/pipermail/full-disclosure/2004-August/025418.html

e969e6cb-8911-11db-9d01-0016179b2dd5

tnftpd -- Remote root Exploit

The tnftpd port suffer from a remote stack overrun, which can lead to a root compromise.

Discovery 2006-12-01
Entry 2006-12-11
Modified 2010-05-12
tnftpd

< 20040810

CVE-2006-6652
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051009.html