diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2004-05-19 12:57:13 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2004-05-19 12:57:13 +0000 |
| commit | c04f519b288f8e6142133e12f0102dfe62add5c7 (patch) | |
| tree | 99141d8788518981259b8f2dba0aee3630d76dc6 /security/vuxml/vuln.xml | |
| parent | Add an entry for the cvs pserver heap overflow. (diff) | |
make tidy
Notes
Notes:
svn path=/head/; revision=109504
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 74 |
1 files changed, 37 insertions, 37 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 64223a342486..64900ce86b98 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -138,6 +138,43 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </dates> </vuln> + <vuln vid="35f6fdf8-a425-11d8-9c6d-0020ed76ef5a"> + <topic>Cyrus IMAP pre-authentication heap overflow vulnerability</topic> + <affects> + <package> + <name>cyrus</name> + <range><lt>2.0.17</lt></range> + <range><ge>2.1</ge><lt>2.1.11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>In December 2002, Timo Sirainen reported:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605"> + <p>Cyrus IMAP server has a a remotely exploitable pre-login + buffer overflow. [...] Note that you don't have to log in + before exploiting this, and since Cyrus + runs everything under one UID, it's possible to read every + user's mail in the system.</p> + </blockquote> + <p>It is unknown whether this vulnerability is exploitable for code + execution on FreeBSD systems.</p> + </body> + </description> + <references> + <cvename>CAN-2002-1580</cvename> + <bid>6298</bid> + <url>http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605</url> + <certvu>740169</certvu> + <!-- <mlist msgid="20021202175606.GA26254@irccrew.org">http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605</mlist> --> + </references> + <dates> + <discovery>2002-12-02</discovery> + <entry>2004-05-12</entry> + <modified>2004-05-18</modified> + </dates> + </vuln> + <vuln vid="20be2982-4aae-11d8-96f2-0020ed76ef5a"> <topic>fsp buffer overflow and directory traversal vulnerabilities</topic> <affects> @@ -228,43 +265,6 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </dates> </vuln> - <vuln vid="35f6fdf8-a425-11d8-9c6d-0020ed76ef5a"> - <topic>Cyrus IMAP pre-authentication heap overflow vulnerability</topic> - <affects> - <package> - <name>cyrus</name> - <range><lt>2.0.17</lt></range> - <range><ge>2.1</ge><lt>2.1.11</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>In December 2002, Timo Sirainen reported:</p> - <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605"> - <p>Cyrus IMAP server has a a remotely exploitable pre-login - buffer overflow. [...] Note that you don't have to log in - before exploiting this, and since Cyrus - runs everything under one UID, it's possible to read every - user's mail in the system.</p> - </blockquote> - <p>It is unknown whether this vulnerability is exploitable for code - execution on FreeBSD systems.</p> - </body> - </description> - <references> - <cvename>CAN-2002-1580</cvename> - <bid>6298</bid> - <url>http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605</url> - <certvu>740169</certvu> - <!-- <mlist msgid="20021202175606.GA26254@irccrew.org">http://marc.theaimsgroup.com/?l=bugtraq&m=103886607825605</mlist> --> - </references> - <dates> - <discovery>2002-12-02</discovery> - <entry>2004-05-12</entry> - <modified>2004-05-18</modified> - </dates> - </vuln> - <vuln vid="fde53204-7ea6-11d8-9645-0020ed76ef5a"> <topic>insecure temporary file creation in xine-check, xine-bugreport</topic> <affects> |