diff options
| author | Oliver Eikemeier <eik@FreeBSD.org> | 2004-06-12 22:43:44 +0000 |
|---|---|---|
| committer | Oliver Eikemeier <eik@FreeBSD.org> | 2004-06-12 22:43:44 +0000 |
| commit | 53ec7442a9325113735ee05e7835d4ac9f2b4c7c (patch) | |
| tree | df3c2f585996309f1dd45175706e6ec349c8c84f /ports-mgmt/portaudit-db/database | |
| parent | Fix build with gcc34 (diff) | |
portaudit-db generates a portaudit database from a current
ports tree. It also features a file `database/portaudit.txt'
where UUIDs for vulnerabilities can be allocated quickly
before they are moved to the VuXML database.
Call `packaudit' after upgrading your ports tree.
Diffstat (limited to 'ports-mgmt/portaudit-db/database')
| -rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.txt | 7 | ||||
| -rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.xlist | 4 | ||||
| -rw-r--r-- | ports-mgmt/portaudit-db/database/portaudit.xml | 69 |
3 files changed, 80 insertions, 0 deletions
diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt new file mode 100644 index 000000000000..7d3a72b5aff2 --- /dev/null +++ b/ports-mgmt/portaudit-db/database/portaudit.txt @@ -0,0 +1,7 @@ +# portaudit text based database +# $FreeBSD$ +smtpproxy<=1.1.3|http://0xbadc0ded.org/advisories/0402.txt|remotely exploitable format string vulnerability|1abf65f9-bc9d-11d8-916c-000347dd607f +apache<1.3.31_1|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f +apache+mod_ssl<1.3.31+2.8.18_3|http://www.apacheweek.com/features/security-13|mod_proxy buffer overflow (CAN-2004-0492)|5bcd500c-bc9d-11d8-916c-000347dd607f +apache<2.0.49_1|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f +apache+mod_ssl*<1.3.31+2.8.18_4|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488|mod_ssl stack-based buffer overflow|662cd99e-bc9d-11d8-916c-000347dd607f diff --git a/ports-mgmt/portaudit-db/database/portaudit.xlist b/ports-mgmt/portaudit-db/database/portaudit.xlist new file mode 100644 index 000000000000..48700b58868a --- /dev/null +++ b/ports-mgmt/portaudit-db/database/portaudit.xlist @@ -0,0 +1,4 @@ +# portaudit exclude list +# $FreeBSD$ +3362f2c1-8344-11d8-a41f-0020ed76ef5a +5e7f58c3-b3f8-4258-aeb8-795e5e940ff8 diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml new file mode 100644 index 000000000000..ae616f4cbf7e --- /dev/null +++ b/ports-mgmt/portaudit-db/database/portaudit.xml @@ -0,0 +1,69 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +This file is in the public domain. + $FreeBSD$ +--> +<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd"> +<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + + <vuln vid="42e330ab-82a4-11d8-868e-000347dd607f"> + <topic>MPlayer remotely exploitable buffer overflow in the ASX parser</topic> + <affects> + <package> + <name>mplayer</name> + <name>mplayer-esound</name> + <name>mplayer-gtk</name> + <name>mplayer-gtk-esound</name> + <range><lt>0.92</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A remotely exploitable buffer overflow vulnerability was found in + MPlayer. A malicious host can craft a harmful ASX header, + and trick MPlayer into executing arbitrary code upon parsing that header.</p> + </body> + </description> + <references> + <url>http://www.mplayerhq.hu/</url> + <url>http://www.securityfocus.com/archive/1/339330</url> + <url>http://www.securityfocus.com/archive/1/339193</url> + <cvename>CAN-2003-0835</cvename> + <bid>8702</bid> + </references> + <dates> + <discovery>2003-09-24</discovery> + <entry>2004-03-30</entry> + </dates> + </vuln> + + <vuln vid="d8c46d74-8288-11d8-868e-000347dd607f"> + <topic>MPlayer remotely exploitable buffer overflow in the HTTP parser</topic> + <affects> + <package> + <name>mplayer</name> + <name>mplayer-esound</name> + <name>mplayer-gtk</name> + <name>mplayer-gtk-esound</name> + <range><lt>0.92.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A remotely exploitable buffer overflow vulnerability was found in + MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), + and trick MPlayer into executing arbitrary code upon parsing that header.</p> + </body> + </description> + <references> + <url>http://www.mplayerhq.hu/</url> + <url>http://www.securityfocus.com/archive/1/359029</url> + <url>http://www.securityfocus.com/archive/1/359025</url> + </references> + <dates> + <discovery>2004-03-29</discovery> + <entry>2004-03-30</entry> + </dates> + </vuln> + +</vuxml> |