svn commit: r441568 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Wed May 24 09:31:54 UTC 2017
Author: brnrd
Date: Wed May 24 09:31:52 2017
New Revision: 441568
URL: https://svnweb.freebsd.org/changeset/ports/441568
Log:
security/vuxml: Document samba RCE vulnerability
- Add entry for samba
- Fix tabs/space previous entry
Security: CVE-2017-7494
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed May 24 09:00:37 2017 (r441567)
+++ head/security/vuxml/vuln.xml Wed May 24 09:31:52 2017 (r441568)
@@ -58,6 +58,52 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6f4d96c0-4062-11e7-b291-b499baebfeaf">
+ <topic>samba -- remote code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>samba42</name>
+ <range><lt>4.2.15</lt></range>
+ </package>
+ <package>
+ <name>samba43</name>
+ <range><lt>4.3.14</lt></range>
+ </package>
+ <package>
+ <name>samba44</name>
+ <range><lt>4.4.14</lt></range>
+ </package>
+ <package>
+ <name>samba45</name>
+ <range><lt>4.5.10</lt></range>
+ </package>
+ <package>
+ <name>samba46</name>
+ <range><lt>4.6.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The samba project reports:</p>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2017-7494.html">
+ <p>Remote code execution from a writable share.</p>
+ <p>All versions of Samba from 3.5.0 onwards are vulnerable to a remote
+ code execution vulnerability, allowing a malicious client to upload
+ a shared library to a writable share, and then cause the server to
+ load and execute it.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.samba.org/samba/security/CVE-2017-7494.html</url>
+ <cvename>CVE-2017-7494</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-24</discovery>
+ <entry>2017-05-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f52e3a8d-3f7e-11e7-97a9-a0d3c19bfa21">
<topic>NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler</topic>
<affects>
@@ -103,11 +149,11 @@ Notes:
<p>Tintinweb reports:</p>
<blockquote cite="https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-8798">
<p>An integer signedness error was found in miniupnp's miniwget
- allowing an unauthenticated remote entity typically located on the
- local network segment to trigger a heap corruption or an access
- violation in miniupnp's http response parser when processing a
- specially crafted chunked-encoded response to a request for the
- xml root description url.</p>
+ allowing an unauthenticated remote entity typically located on the
+ local network segment to trigger a heap corruption or an access
+ violation in miniupnp's http response parser when processing a
+ specially crafted chunked-encoded response to a request for the
+ xml root description url.</p>
</blockquote>
</body>
</description>
More information about the svn-ports-head
mailing list