diff options
author | Josef El-Rayes <josef@FreeBSD.org> | 2004-11-29 21:04:59 +0000 |
---|---|---|
committer | Josef El-Rayes <josef@FreeBSD.org> | 2004-11-29 21:04:59 +0000 |
commit | 5a21690f3eccdb6c33ca5a046fdcf29dd9718a86 (patch) | |
tree | 7b67239c4ec2e45f7ab6bf2ce06b4214910074ac | |
parent | Mark port forbidden, due to security vulnerability[1]. (diff) |
Document vulnerability in net/opendchub.
Based on submission by: Niels Heinen <niels.heinen@ubizen.com>
-rw-r--r-- | security/vuxml/vuln.xml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c886959cb37e..730384c1675b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,32 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="cdf14b68-3ff9-11d9-8405-00065be4b5b6"> + <topic>Open Dc Hub -- remote buffer overflow vulnerability</topic> + <affects> + <package> + <name>opendchub</name> + <range><le>0.7.14_1</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Donato Ferrante reported an exploitable buffer overflow in + this software package. Any user that can login with 'admin' + privileges can abuse it, trough the $RedirectAll command, + to execute arbitrary code.</p> + </body> + </description> + <references> + <mlist msgid="20041124155429.893852455E@chernobyl.investici.org">http://marc.theaimsgroup.com/?l=bugtraq&m=110144606411674</mlist> + <url>http://www.gentoo.org/security/en/glsa/glsa-200411-37.xml</url> + </references> + <dates> + <discovery>2004-11-24</discovery> + <entry>2004-11-27</entry> + </dates> + </vuln> + <vuln vid="a163baff-3fe1-11d9-a9e7-0001020eed82"> <topic>unarj -- long filename buffer overflow</topic> <affects> |