diff options
author | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2020-04-21 19:48:03 +0000 |
---|---|---|
committer | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2020-04-21 19:48:03 +0000 |
commit | 1e71200b5219dbbb2119fa52e79461f9b06c6707 (patch) | |
tree | 79ad172b232488b166af3a9d77e897b0d773e284 /security | |
parent | d8d6270dd85475e94a22a0e4a1e0317e71fe09a8 (diff) | |
download | ports-1e71200b5219dbbb2119fa52e79461f9b06c6707.tar.gz ports-1e71200b5219dbbb2119fa52e79461f9b06c6707.zip |
Document libntlm vulnerability
Notes
Notes:
svn path=/head/; revision=532399
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 52d41c78fa9d..c1763cc86090 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,37 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="0f798bd6-8325-11ea-9a78-08002728f74c"> + <topic>libntlm -- buffer overflow vulnerability</topic> + <affects> + <package> + <name>libntlm</name> + <range><lt>1.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2019-17455"> + <p>Libntlm through 1.5 relies on a fixed buffer size for + tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse + read and write operations, as demonstrated by a stack-based buffer + over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM + request.</p> + </blockquote> + </body> + </description> + <references> + <url>https://gitlab.com/jas/libntlm/-/issues/2</url> + <url>https://nvd.nist.gov/vuln/detail/CVE-2019-17455</url> + <cvename>CVE-2019-17455</cvename> + </references> + <dates> + <discovery>2019-10-08</discovery> + <entry>2020-04-21</entry> + </dates> + </vuln> + <vuln vid="012809ce-83f3-11ea-92ab-00163e433440"> <topic>OpenSSL remote denial of service vulnerability</topic> <affects> |