ports/188512: Multiple vulnerabilities not listed in vuln.xml

Pawel Biernacki pawel.biernacki at gmail.com
Sat Apr 12 13:50:00 UTC 2014 

>Number:         188512
>Category:       ports
>Synopsis:       Multiple vulnerabilities not listed in vuln.xml
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 12 13:50:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Pawel Biernacki
>Release:        FreeBSD 11.0-CURRENT
>Organization:
Collaborative work of #freebsd on irc.freenode.net
>Environment:
FreeBSD a.b.c. 11.0-CURRENT FreeBSD 11.0-CURRENT #2 r264308: Wed Apr  9 22:29:38 UTC 2014     toor at a.b.c:/usr/obj/usr/src/sys/ABC  amd64
>Description:
Multiple vulnerabilities are not listed in vuln.xml:

OpenLDAP -- incorrect handling of NULL in certificate Common Name (openldap24-client and linux-f10-openldap)
cURL -- inappropriate GSSAPI delegation (curl and linux-f10-curl)
dbus-glib -- privledge escalation (dbus-glib and linux-f10-dbus-glib)
nas -- multiple vulnerabilities (nas and linux-f10-nas-libs)
libaudiofile -- heap-based overflow in Microsoft ADPCM compression module (libaudiofile and linux-f10-libaudiofile)

also previous vulnerabilities entries don't cover linux-f10-* packages:

linux-f10-gnutls, linux-f10-libgcrypt, linux-f10-libxml2, linux-f10-png, linux-f10-tiff, linux-f10-nss, linux-f10-expat.

Please find attached patch for vuxml adding vulnerable ports to the database.

>How-To-Repeat:
Choose a random listed package(s) and read attached link to description of vulnerability. 
>Fix:


Patch attached with submission follows:

Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml	(revision 351090)
+++ security/vuxml/vuln.xml	(working copy)
@@ -51,6 +51,160 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="abad20bf-c1b4-11e3-a5ac-001b21614864">
+    <topic>OpenLDAP -- incorrect handling of NULL in certificate Common Name</topic>
+    <affects>
+      <package>
+	<name>openldap24-client</name>
+	<name>linux-f10-openldap</name>
+	<range><lt>2.4.18</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Jan Lieskovsky reports:</p>
+	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767">
+	  <p>OpenLDAP does not properly handle a '\0' character in a domain name
+	    in the subject's Common Name (CN) field of an X.509 certificate,
+	    which allows man-in-the-middle attackers to spoof arbitrary SSL
+	    servers via a crafted certificate issued by a legitimate
+	    Certification Authority</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2009-3767</cvename>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767</url>
+    </references>
+    <dates>
+      <discovery>2009-08-07</discovery>
+      <entry>2014-04-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="9aecb94c-c1ad-11e3-a5ac-001b21614864">
+    <topic>cURL -- inappropriate GSSAPI delegation</topic>
+    <affects>
+      <package>
+	<name>curl</name>
+	<name>linux-f10-curl</name>
+	<range><ge>7.10.6</ge><le>7.21.6</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>cURL reports:</p>
+	<blockquote cite="http://curl.haxx.se/docs/adv_20110623.html">
+	  <p>When doing GSSAPI authentication, libcurl unconditionally performs
+	    credential delegation. This hands the server a copy of the client's
+	    security credentials, allowing the server to impersonate the client
+	    to any other using the same GSSAPI mechanism.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2011-2192</cvename>
+      <url>http://curl.haxx.se/docs/adv_20110623.html</url>
+    </references>
+    <dates>
+      <discovery>2011-06-23</discovery>
+      <entry>2014-04-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="77bb0541-c1aa-11e3-a5ac-001b21614864">
+    <topic>dbus-glib -- privledge escalation</topic>
+    <affects>
+      <package>
+	<name>dbus-glib</name>
+	<name>linux-f10-dbus-glib</name>
+	<range><lt>0.100.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Sebastian Krahmer reports:</p>
+	<blockquote cite="https://bugs.freedesktop.org/show_bug.cgi?id=60916">
+	  <p>A privilege escalation flaw was found in the way dbus-glib, the
+	    D-Bus add-on library to integrate the standard D-Bus library with
+	    the GLib thread abstraction and main loop, performed filtering of
+	    the message sender (message source subject), when the
+	    NameOwnerChanged signal was received. A local attacker could use
+	    this flaw to escalate their privileges.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-0292</cvename>
+      <url>https://bugs.freedesktop.org/show_bug.cgi?id=60916</url>
+    </references>
+    <dates>
+      <discovery>2013-02-15</discovery>
+      <entry>2014-04-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="bf7912f5-c1a8-11e3-a5ac-001b21614864">
+    <topic>nas -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>nas</name>
+	<name>linux-f10-nas-libs</name>
+	<range><lt>1.9.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Hamid Zamani reports:</p>
+	<blockquote cite="http://radscan.com/pipermail/nas/2013-August/001270.html">
+	  <p>multiple security problems (buffer overflows, format string
+	    vulnerabilities and missing input sanitising), which could lead to
+	    the execution of arbitrary code.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-4256</cvename>
+      <cvename>CVE-2013-4257</cvename>
+      <cvename>CVE-2013-4258</cvename>
+      <url>http://radscan.com/pipermail/nas/2013-August/001270.html</url>
+    </references>
+    <dates>
+      <discovery>2013-08-07</discovery>
+      <entry>2014-04-11</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="09f47c51-c1a6-11e3-a5ac-001b21614864">
+    <topic>libaudiofile -- heap-based overflow in Microsoft ADPCM compression module</topic>
+    <affects>
+      <package>
+	<name>libaudiofile</name>
+	<name>linux-f10-libaudiofile</name>
+	<range><lt>0.2.7</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Debian reports:</p>
+	<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205">
+	  <p>Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile
+	    0.2.6 allows context-dependent attackers to cause a denial of service
+	    (application crash) or possibly execute arbitrary code via a crafted
+	    WAV file.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-0159</cvename>
+      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205</url>
+    </references>
+    <dates>
+      <discovery>2008-12-30</discovery>
+      <entry>2014-04-11</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7ccd4def-c1be-11e3-9d09-000c2980a9f3">
     <topic>OpenSSL -- Local Information Disclosure</topic>
     <affects>
@@ -1084,6 +1238,7 @@
     <affects>
       <package>
 	<name>gnutls</name>
+	<name>linux-f10-gnutls</name>
 	<range><lt>2.12.23_4</lt></range>
       </package>
       <package>
@@ -4644,6 +4799,7 @@
     <affects>
       <package>
 	<name>libgcrypt</name>
+	<name>linux-f10-libgcrypt</name>
 	<range><lt>1.5.3</lt></range>
       </package>
     </affects>
@@ -4660,6 +4816,7 @@
       </body>
     </description>
     <references>
+    <cvename>CVE-2013-4242</cvename>
     <url>http://eprint.iacr.org/2013/448</url>
     <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html</url>
     <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html</url>
@@ -17586,6 +17743,7 @@
     <affects>
       <package>
 	<name>libxml2</name>
+	<name>linux-f10-libxml2</name>
 	<range><lt>2.7.8_3</lt></range>
       </package>
     </affects>
@@ -18888,6 +19046,7 @@
     <affects>
       <package>
 	<name>png</name>
+	<name>linux-f10-png</name>
 	<range><lt>1.4.11</lt></range>
       </package>
     </affects>
@@ -19929,6 +20088,7 @@
     <affects>
       <package>
 	<name>libxml2</name>
+	<name>linux-f10-libxml2</name>
 	<range><lt>2.7.8_2</lt></range>
       </package>
     </affects>
@@ -22706,6 +22866,7 @@
       </package>
       <package>
 	<name>libxml2</name>
+	<name>linux-f10-libxml2</name>
 	<range><lt>2.7.8</lt></range>
       </package>
     </affects>
@@ -32355,6 +32516,7 @@
       </package>
       <package>
 	<name>linux-tiff</name>
+	<name>linux-f10-tiff</name>
 	<range><lt>3.9.4</lt></range>
       </package>
     </affects>
@@ -33540,6 +33702,11 @@
 	<name>linux-firefox-devel</name>
 	<range><lt>3.5.9</lt></range>
       </package>
+      <package>
+        <name>nss</name>
+        <name>linux-f10-nss</name>
+        <range><lt>3.12.5</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -35069,6 +35236,7 @@
     <affects>
       <package>
 	<name>expat2</name>
+	<name>linux-f10-expat</name>
 	<range><lt>2.0.1_1</lt></range>
       </package>
     </affects>


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list