freebsd-ports/security/vuxml/vuln-2003.xml

  <vuln vid="81313647-2d03-11d8-9355-0020ed76ef5a">
    <topic>ElGamal sign+encrypt keys created by GnuPG can be compromised</topic>
    <affects>
      <package>
	<name>gnupg</name>
	<range><ge>1.0.2</ge><lt>1.2.3_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Any ElGamal sign+encrypt keys created by GnuPG contain a
	  cryptographic weakness that may allow someone to obtain
	  the private key. <strong>These keys should be considered
	  unusable and should be revoked.</strong></p>
	<p>The following summary was written by Werner Koch, GnuPG
	  author:</p>
	<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html">
	  <p>Phong Nguyen identified a severe bug in the way GnuPG
	    creates and uses ElGamal keys for signing.	This is
	    a significant security failure which can lead to a
	    compromise of almost all ElGamal keys used for signing.
	    Note that this is a real world vulnerability which will
	    reveal your private key within a few seconds.</p>
	  <p>...</p>
	  <p>Please <em>take immediate action and revoke your ElGamal
	    signing keys</em>.	Furthermore you should take whatever
	    measures necessary to limit the damage done for signed or
	    encrypted documents using that key.</p>
	  <p>Note that the standard keys as generated by GnuPG (DSA
	    and ElGamal encryption) as well as RSA keys are NOT
	    vulnerable.  Note also that ElGamal signing keys cannot
	    be generated without the use of a special flag to enable
	    hidden options and even then overriding a warning message
	    about this key type.  See below for details on how to
	    identify vulnerable keys.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2003-0971</cvename>
      <mlist>http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html</mlist>
    </references>
    <dates>
      <discovery>2003-11-27</discovery>
      <entry>2003-12-12</entry>
    </dates>
  </vuln>

  <vuln vid="f04cc5cb-2d0b-11d8-beaf-000a95c4d922">
    <topic>bind8 negative cache poison attack</topic>
    <affects>
      <package>
	<name>bind</name>
	<range><ge>8.3</ge><lt>8.3.7</lt></range>
	<range><ge>8.4</ge><lt>8.4.3</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>5.1</ge><lt>5.1_11</lt></range>
	<range><ge>5.0</ge><lt>5.0_19</lt></range>
	<range><ge>4.9</ge><lt>4.9_1</lt></range>
	<range><ge>4.8</ge><lt>4.8_14</lt></range>
	<range><ge>4.7</ge><lt>4.7_24</lt></range>
	<range><ge>4.6</ge><lt>4.6.2_27</lt></range>
	<range><ge>4.5</ge><lt>4.5_37</lt></range>
	<range><lt>4.4_47</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>A programming error in BIND 8 named can result in a DNS
	message being incorrectly cached as a negative response.  As
	a result, an attacker may arrange for malicious DNS messages
	to be delivered to a target name server, and cause that name
	server to cache a negative response for some target domain
	name.  The name server would thereafter respond negatively
	to legitimate queries for that domain name, resulting in a
	denial-of-service for applications that require DNS.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2003-0914</cvename>
      <freebsdsa>SA-03:19.bind</freebsdsa>
      <certvu>734644</certvu>
    </references>
    <dates>
      <discovery>2003-11-28</discovery>
      <entry>2003-12-12</entry>
      <modified>2004-05-05</modified>
    </dates>
  </vuln>

  <vuln vid="96fdbf5b-2cfd-11d8-9355-0020ed76ef5a">
    <topic>Mathopd buffer overflow</topic>
    <affects>
      <package>
	<name>mathopd</name>
	<range><lt>1.4p2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mathopd contains a buffer overflow in the prepare_reply()
	  function that may be remotely exploitable.</p>
      </body>
    </description>
    <references>
      <url>http://www.mail-archive.com/mathopd%40mathopd.org/msg00136.html</url>
    </references>
    <dates>
      <discovery>2003-12-04</discovery>
      <entry>2003-12-12</entry>
    </dates>
  </vuln>

  <vuln vid="d7af61c8-2cc0-11d8-9355-0020ed76ef5a">
    <topic>lftp HTML parsing vulnerability</topic>
    <affects>
      <package>
	<name>lftp</name>
	<range><le>2.6.10</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>A buffer overflow exists in lftp which may be triggered when
	  requesting a directory listing from a malicious server over
	  HTTP.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2003-0963</cvename>
      <url>http://lftp.yar.ru/news.html#2.6.10</url>
    </references>
    <dates>
      <discovery>2003-12-11</discovery>
      <entry>2003-12-12</entry>
    </dates>
  </vuln>

  <vuln vid="ebdf65c7-2ca6-11d8-9355-0020ed76ef5a">
    <topic>qpopper format string vulnerability</topic>
    <affects>
      <package>
	<name>qpopper</name>
	<range><lt>2.53_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>An authenticated user may trigger a format string
	  vulnerability present in qpopper's UIDL code, resulting
	  in arbitrary code execution with group ID `mail'
	  privileges.</p>
      </body>
    </description>
    <references>
      <bid>1241</bid>
      <cvename>CVE-2000-0442</cvename>
      <url>http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt</url>
    </references>
    <dates>
      <discovery>2000-05-23</discovery>
      <entry>2003-12-12</entry>
    </dates>
  </vuln>

  <vuln vid="af0296be-2455-11d8-82e5-0020ed76ef5a">
    <topic>fetchmail -- address parsing vulnerability</topic>
    <affects>
      <package>
	<name>fetchmail</name>
	<range><le>6.2.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Fetchmail can be crashed by a malicious email message.</p>
      </body>
    </description>
    <references>
      <url>http://security.e-matters.de/advisories/052002.html</url>
    </references>
    <dates>
      <discovery>2003-10-25</discovery>
      <entry>2003-10-25</entry>
      <modified>2012-09-04</modified>
    </dates>
  </vuln>

  <vuln vid="2bcd2d24-24ca-11d8-82e5-0020ed76ef5a">
    <topic>Buffer overflow in pam_smb password handling</topic>
    <affects>
      <package>
	<name>pam_smb</name>
	<range><lt>1.9.9_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Applications utilizing pam_smb can be compromised by
	  any user who can enter a password.  In many cases,
	  this is a remote root compromise.</p>
      </body>
    </description>
    <references>
      <url>http://www.skynet.ie/~airlied/pam_smb/</url>
      <cvename>CVE-2003-0686</cvename>
    </references>
    <dates>
      <discovery>2003-10-25</discovery>
      <entry>2003-10-25</entry>
      <modified>2003-10-25</modified>
    </dates>
  </vuln>

  <vuln vid="c4b7badf-24ca-11d8-82e5-0020ed76ef5a">
    <topic>Buffer overflows in libmcrypt</topic>
    <affects>
      <package>
	<name>libmcrypt</name>
	<range><lt>2.5.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>libmcrypt does incomplete input validation, leading to
	  several buffer overflows.  Additionally,
	  a memory leak is present.  Both of these problems may be
	  exploited in a denial-of-service attack.</p>
      </body>
    </description>
    <references>
      <mlist>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=104162752401212&amp;w=2</mlist>
      <cvename>CVE-2003-0031</cvename>
      <cvename>CVE-2003-0032</cvename>
    </references>
    <dates>
      <discovery>2003-10-25</discovery>
      <entry>2003-10-25</entry>
      <modified>2003-10-25</modified>
    </dates>
  </vuln>

  <vuln vid="6fd9a1e9-efd3-11d8-9837-000c41e2cdad">
    <cancelled/>
  </vuln>

  <vuln vid="3362f2c1-8344-11d8-a41f-0020ed76ef5a">
    <cancelled/>
  </vuln>
Split vuln.xml file [1/2] The vuln.xml file has grown a lot since 2003. To avoid having to unlock the svn size limitation, the file is now split into 1 file per year up to the current year + previous one. The split is made based on the date when the entry has been added. In order to achieve the split without breaking any consumer we use a standard XML mechanism via the definition of entities. While here add a new target make vuln-flat.xml which will expand the entities in order to be able to regenerate a one uniq file if needed. This useful to for example allow to test with pkg audit directly given the XML parser used in pkg does not support custom entities. The vuxml web site generator has been modified to ensure the vuln.xml file it provides is the expanded version, so for consumers it is still only one single file to download. 2021-01-21 14:18:49 +01:00			`<vuln vid="81313647-2d03-11d8-9355-0020ed76ef5a">`
			`<topic>ElGamal sign+encrypt keys created by GnuPG can be compromised</topic>`
			`<affects>`
			`<package>`
			`<name>gnupg</name>`
			`<range><ge>1.0.2</ge><lt>1.2.3_4</lt></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>Any ElGamal sign+encrypt keys created by GnuPG contain a`
			`cryptographic weakness that may allow someone to obtain`
			`the private key. <strong>These keys should be considered`
			`unusable and should be revoked.</strong></p>`
			`<p>The following summary was written by Werner Koch, GnuPG`
			`author:</p>`
			`<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html">`
			`<p>Phong Nguyen identified a severe bug in the way GnuPG`
			`creates and uses ElGamal keys for signing. This is`
			`a significant security failure which can lead to a`
			`compromise of almost all ElGamal keys used for signing.`
			`Note that this is a real world vulnerability which will`
			`reveal your private key within a few seconds.</p>`
			`<p>...</p>`
			`<p>Please <em>take immediate action and revoke your ElGamal`
			`signing keys</em>. Furthermore you should take whatever`
			`measures necessary to limit the damage done for signed or`
			`encrypted documents using that key.</p>`
			`<p>Note that the standard keys as generated by GnuPG (DSA`
			`and ElGamal encryption) as well as RSA keys are NOT`
			`vulnerable. Note also that ElGamal signing keys cannot`
			`be generated without the use of a special flag to enable`
			`hidden options and even then overriding a warning message`
			`about this key type. See below for details on how to`
			`identify vulnerable keys.</p>`
			`</blockquote>`
			`</body>`
			`</description>`
			`<references>`
			`<cvename>CVE-2003-0971</cvename>`
			`<mlist>http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html</mlist>`
			`</references>`
			`<dates>`
			`<discovery>2003-11-27</discovery>`
			`<entry>2003-12-12</entry>`
			`</dates>`
			`</vuln>`

			`<vuln vid="f04cc5cb-2d0b-11d8-beaf-000a95c4d922">`
			`<topic>bind8 negative cache poison attack</topic>`
			`<affects>`
			`<package>`
			`<name>bind</name>`
			`<range><ge>8.3</ge><lt>8.3.7</lt></range>`
			`<range><ge>8.4</ge><lt>8.4.3</lt></range>`
			`</package>`
			`<package>`
			`<name>FreeBSD</name>`
			`<range><ge>5.1</ge><lt>5.1_11</lt></range>`
			`<range><ge>5.0</ge><lt>5.0_19</lt></range>`
			`<range><ge>4.9</ge><lt>4.9_1</lt></range>`
			`<range><ge>4.8</ge><lt>4.8_14</lt></range>`
			`<range><ge>4.7</ge><lt>4.7_24</lt></range>`
			`<range><ge>4.6</ge><lt>4.6.2_27</lt></range>`
			`<range><ge>4.5</ge><lt>4.5_37</lt></range>`
			`<range><lt>4.4_47</lt></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>A programming error in BIND 8 named can result in a DNS`
			`message being incorrectly cached as a negative response. As`
			`a result, an attacker may arrange for malicious DNS messages`
			`to be delivered to a target name server, and cause that name`
			`server to cache a negative response for some target domain`
			`name. The name server would thereafter respond negatively`
			`to legitimate queries for that domain name, resulting in a`
			`denial-of-service for applications that require DNS.</p>`
			`</body>`
			`</description>`
			`<references>`
			`<cvename>CVE-2003-0914</cvename>`
			`<freebsdsa>SA-03:19.bind</freebsdsa>`
			`<certvu>734644</certvu>`
			`</references>`
			`<dates>`
			`<discovery>2003-11-28</discovery>`
			`<entry>2003-12-12</entry>`
			`<modified>2004-05-05</modified>`
			`</dates>`
			`</vuln>`

			`<vuln vid="96fdbf5b-2cfd-11d8-9355-0020ed76ef5a">`
			`<topic>Mathopd buffer overflow</topic>`
			`<affects>`
			`<package>`
			`<name>mathopd</name>`
			`<range><lt>1.4p2</lt></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>Mathopd contains a buffer overflow in the prepare_reply()`
			`function that may be remotely exploitable.</p>`
			`</body>`
			`</description>`
			`<references>`
			`<url>http://www.mail-archive.com/mathopd%40mathopd.org/msg00136.html</url>`
			`</references>`
			`<dates>`
			`<discovery>2003-12-04</discovery>`
			`<entry>2003-12-12</entry>`
			`</dates>`
			`</vuln>`

			`<vuln vid="d7af61c8-2cc0-11d8-9355-0020ed76ef5a">`
			`<topic>lftp HTML parsing vulnerability</topic>`
			`<affects>`
			`<package>`
			`<name>lftp</name>`
			`<range><le>2.6.10</le></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>A buffer overflow exists in lftp which may be triggered when`
			`requesting a directory listing from a malicious server over`
			`HTTP.</p>`
			`</body>`
			`</description>`
			`<references>`
			`<cvename>CVE-2003-0963</cvename>`
			`<url>http://lftp.yar.ru/news.html#2.6.10</url>`
			`</references>`
			`<dates>`
			`<discovery>2003-12-11</discovery>`
			`<entry>2003-12-12</entry>`
			`</dates>`
			`</vuln>`

Fix indentation 2021-01-25 16:50:42 +01:00			`<vuln vid="ebdf65c7-2ca6-11d8-9355-0020ed76ef5a">`
Split vuln.xml file [1/2] The vuln.xml file has grown a lot since 2003. To avoid having to unlock the svn size limitation, the file is now split into 1 file per year up to the current year + previous one. The split is made based on the date when the entry has been added. In order to achieve the split without breaking any consumer we use a standard XML mechanism via the definition of entities. While here add a new target make vuln-flat.xml which will expand the entities in order to be able to regenerate a one uniq file if needed. This useful to for example allow to test with pkg audit directly given the XML parser used in pkg does not support custom entities. The vuxml web site generator has been modified to ensure the vuln.xml file it provides is the expanded version, so for consumers it is still only one single file to download. 2021-01-21 14:18:49 +01:00			`<topic>qpopper format string vulnerability</topic>`
			`<affects>`
			`<package>`
			`<name>qpopper</name>`
			`<range><lt>2.53_1</lt></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>An authenticated user may trigger a format string`
			`vulnerability present in qpopper's UIDL code, resulting`
			in arbitrary code execution with group ID `mail'
			`privileges.</p>`
			`</body>`
			`</description>`
			`<references>`
			`<bid>1241</bid>`
			`<cvename>CVE-2000-0442</cvename>`
			`<url>http://www.netsys.com/suse-linux-security/2000-May/att-0137/01-b0f5-Qpopper.txt</url>`
			`</references>`
			`<dates>`
			`<discovery>2000-05-23</discovery>`
			`<entry>2003-12-12</entry>`
			`</dates>`
			`</vuln>`

			`<vuln vid="af0296be-2455-11d8-82e5-0020ed76ef5a">`
			`<topic>fetchmail -- address parsing vulnerability</topic>`
			`<affects>`
			`<package>`
			`<name>fetchmail</name>`
			`<range><le>6.2.0</le></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>Fetchmail can be crashed by a malicious email message.</p>`
			`</body>`
			`</description>`
			`<references>`
			`<url>http://security.e-matters.de/advisories/052002.html</url>`
			`</references>`
			`<dates>`
			`<discovery>2003-10-25</discovery>`
			`<entry>2003-10-25</entry>`
			`<modified>2012-09-04</modified>`
			`</dates>`
			`</vuln>`

			`<vuln vid="2bcd2d24-24ca-11d8-82e5-0020ed76ef5a">`
			`<topic>Buffer overflow in pam_smb password handling</topic>`
			`<affects>`
			`<package>`
			`<name>pam_smb</name>`
			`<range><lt>1.9.9_3</lt></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>Applications utilizing pam_smb can be compromised by`
			`any user who can enter a password. In many cases,`
			`this is a remote root compromise.</p>`
			`</body>`
			`</description>`
			`<references>`
			`<url>http://www.skynet.ie/~airlied/pam_smb/</url>`
			`<cvename>CVE-2003-0686</cvename>`
			`</references>`
			`<dates>`
			`<discovery>2003-10-25</discovery>`
			`<entry>2003-10-25</entry>`
			`<modified>2003-10-25</modified>`
			`</dates>`
			`</vuln>`

			`<vuln vid="c4b7badf-24ca-11d8-82e5-0020ed76ef5a">`
			`<topic>Buffer overflows in libmcrypt</topic>`
			`<affects>`
			`<package>`
			`<name>libmcrypt</name>`
			`<range><lt>2.5.6</lt></range>`
			`</package>`
			`</affects>`
			`<description>`
			`<body xmlns="http://www.w3.org/1999/xhtml">`
			`<p>libmcrypt does incomplete input validation, leading to`
			`several buffer overflows. Additionally,`
			`a memory leak is present. Both of these problems may be`
			`exploited in a denial-of-service attack.</p>`
			`</body>`
			`</description>`
			`<references>`
			`<mlist>http://marc.theaimsgroup.com/?l=bugtraq&m=104162752401212&w=2</mlist>`
			`<cvename>CVE-2003-0031</cvename>`
			`<cvename>CVE-2003-0032</cvename>`
			`</references>`
			`<dates>`
			`<discovery>2003-10-25</discovery>`
			`<entry>2003-10-25</entry>`
			`<modified>2003-10-25</modified>`
			`</dates>`
			`</vuln>`

			`<vuln vid="6fd9a1e9-efd3-11d8-9837-000c41e2cdad">`
			`<cancelled/>`
			`</vuln>`

			`<vuln vid="3362f2c1-8344-11d8-a41f-0020ed76ef5a">`
			`<cancelled/>`
			`</vuln>`