From nobody Fri Sep 29 09:32:37 2023
Date: Fri, 29 Sep 2023 09:32:37 GMT
Message-Id: <202309290932.38T9Wbta084272@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Fernando Apesteguía
Subject: git: 176a45b87015 - main - security/vuxml: fix long description warning
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
Sender: owner-dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: fernape
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 176a45b870156d3edec9da0d169873e41f3b9bbe
Auto-Submitted: auto-generated

The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=176a45b870156d3edec9da0d169873e41f3b9bbe

commit 176a45b870156d3edec9da0d169873e41f3b9bbe
Author:     Fernando Apesteguía
AuthorDate: 2023-09-27 13:05:32 +0000
Commit:     Fernando Apesteguía
CommitDate: 2023-09-29 09:32:20 +0000

    security/vuxml: fix long description warning

    Eliminate an annoying warning from "make validate"

    Modify entry 441e1e1a-27a5-11ee-a156-080027f5fec9 description and get rid
    of empty lines and some expendable words. vuxml.freebsd.org prints all
    the lines joined together.
---
 security/vuxml/vuln/2023.xml | 94 ++++++++++++++++++--------------------------
 1 file changed, 38 insertions(+), 56 deletions(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 536e1862a1f1..eb4e3a42e565 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -2876,22 +2876,21 @@

The Samba Team reports:

-
CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability
+
CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability
When parsing Spotlight mdssvc RPC packets, one encoded - data structure is a key-value style dictionary where the - keys are character strings and the values can be any of + data structure is a key-value style dictionary where + keys are character strings and values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the function dalloc_value_for_key(), which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed in - pointer is not a valid talloc pointer. - - As RPC worker processes are shared among multiple client - connections, a malicious client can crash the worker - process affecting all other clients that are also served - by this worker. + pointer is not a valid talloc pointer. As RPC worker + processes are shared among multiple client connections, + a malicious client can crash the worker process + affecting all other clients that are also served by this + worker.
CVE-2022-2127: Out-Of-Bounds read in winbind AUTH_CRAP
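Review bot: Abbreviating "Denial-of-Service" to "DoS" in the CVE-2023-34967 title changes the upstream advisory's title wording, while the body rewrite in the same hunk already removes the blank lines and filler words on its own; consider keeping the title verbatim so it matches the text readers find when they follow the CVE reference. The joined description lines themselves read fine.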
@@ -2900,22 +2899,17 @@ replies have variable length. Winbind did not properly bounds-check the lan manager response length, which despite the lan manager version no longer being used is - still part of the protocol. - - If the system is running Samba's ntlm_auth as - authentication backend for services like Squid (or a - very unusual configuration with FreeRADIUS), the - vulnarebility is remotely exploitable - + still part of the protocol. If the system is running + Samba's ntlm_auth as authentication backend for services + like Squid (or a very unusual configuration with + FreeRADIUS), the vulnarebility is remotely exploitable. If not so configured, or to exploit this vulnerability locally, the user must have access to the privileged winbindd UNIX domain socket (a subdirectory with name 'winbindd_privileged' under "state directory", as set in - the smb.conf). - - This access is normally only given so special system - services like Squid or FreeRADIUS, that use this - feature. + the smb.conf). This access is normally only given so + special system services like Squid or FreeRADIUS, use + this feature.
CVE-2023-34968: Spotlight server-side Share Path Disclosure
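Review bot: Two defects survive into the rewritten "+" lines of this hunk. The line "FreeRADIUS), the vulnarebility is remotely exploitable." carries the misspelling "vulnarebility" over from the old text; since the line is rewritten anyway, spell it "vulnerability". The closing sentence "This access is normally only given so special system services like Squid or FreeRADIUS, use this feature." lost its relative clause and no longer parses; "This access is normally only given to special system services like Squid or FreeRADIUS that use this feature." keeps the original meaning.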
@@ -2924,18 +2918,14 @@ the RPC request. Samba returns the real server-side share path at this point, as well as returning the absolute server-side path of results in search queries - by clients. - - Known server side paths could be used to mount - subsequent more serious security attacks or could + by clients. Known server side paths could be used to + mount subsequent more serious security attacks or could disclose confidential information that is part of the - path. - - To mitigate the issue, Samba will replace the real - server-side path with a fake path constructed from the - sharename. + path. To mitigate the issue, Samba will replace the + real server-side path with a fake path constructed from + the sharename.
-
CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability
+
CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop DoS Vulnerability
When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() @@ -2943,7 +2933,6 @@ contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. - This bug only affects servers where Spotlight is explicitly enabled globally or on individual shares with "spotlight = yes". 
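Review bot: In the CVE-2023-34968 hunk, the rewritten line "by clients. Known server side paths could be used to" keeps "server side" unhyphenated while the same paragraph uses "real server-side share path" and "server-side path"; use "server-side" throughout. The CVE-2023-34966 title in the same hunk is also shortened from "Denial-of-Service" to "DoS", which diverges from the upstream advisory title; keeping the full wording costs one word and keeps the title searchable.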
@@ -2953,30 +2942,23 @@ SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet - signing is mandatory. - - SMB2 packet signing is a mechanism that ensures the - integrity and authenticity of data exchanged between a - client and a server using the SMB2 protocol. - - It provides protection against certain types of attacks, - such as man-in-the-middle attacks, where an attacker - intercepts network traffic and modifies the SMB2 - messages. - - Both client and server of an SMB2 connection can require - that signing is being used. The server-side setting in - Samba to configure signing to be required is "server - signing = required". Note that on an Samba AD DCs this - is also the default for all SMB2 connections. - - Unless the client requires signing which would result in - signing being used on the SMB2 connection, sensitive - data might have been modified by an attacker. - - Clients connecting to IPC$ on an AD DC will require - signed connections being used, so the integrity of these - connections was not affected. + signing is mandatory. SMB2 packet signing is a + mechanism that ensures the integrity and authenticity of + data exchanged between a client and a server using the + SMB2 protocol. It provides protection against certain + types of attacks, such as man-in-the-middle attacks, + where an attacker intercepts network traffic and + modifies the SMB2 messages. Both client and server of + an SMB2 connection can require that signing is being + used. The server-side setting in Samba to configure + signing to be required is "server signing = required". + Note that on an Samba AD DCs this is also the default + for all SMB2 connections. Unless the client requires + signing which would result in signing being used on the + SMB2 connection, sensitive data might have been modified + by an attacker. 
Clients connecting to IPC$ on an AD DC + will require signed connections being used, so the + integrity of these connections was not affected.
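Review bot: The grammatical slip "Note that on an Samba AD DCs this is also the default" is carried over into the rewritten "+" lines; "Note that on Samba AD DCs this is also the default" fixes it. Likewise "Both client and server of an SMB2 connection can require that signing is being used" reads more naturally as "can require that signing is used". Both lines are already being rewritten in this hunk, so the fix is free.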