doc/share/security/advisories/FreeBSD-SN-02:03.asc

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SN-02:03                                              Security Notice
                                                          The FreeBSD Project

Topic:          security issues in ports
Announced:      2002-05-28

I.   Introduction

Several ports in the FreeBSD Ports Collection are affected by security
issues.  These are listed below with references and affected versions.
All versions given refer to the FreeBSD port/package version numbers.
The listed vulnerabilities are not specific to FreeBSD unless
otherwise noted.

These ports are not installed by default, nor are they ``part of
FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format.  FreeBSD makes
no claim about the security of these third-party applications.  See
<URL:http://www.freebsd.org/ports/> for more information about the
FreeBSD Ports Collection.

II.  Ports

+------------------------------------------------------------------------+
Port name:      amanda
Affected:       versions <= amanda-2.3.0.4
Status:         Port removed
Obsolete versions of Amanda contain multiple buffer overflows.
<URL:http://online.securityfocus.com/archive/1/274215>
+------------------------------------------------------------------------+
Port name:      fetchmail
Affected:       versions < fetchmail-5.9.11
Status:         Fixed
<URL:http://tuxedo.org/~esr/fetchmail/NEWS>
<URL:http://rhn.redhat.com/errata/RHSA-2002-047.html>
+------------------------------------------------------------------------+
Port name:      gaim
Affected:       versions < gaim-0.58
Status:         Fixed
World-readable temp files allow access to gaim users' hotmail
accounts.
<URL:http://online.securityfocus.com/archive/1/272180>
+------------------------------------------------------------------------+
Port name:      gnokii
Affected:       versions < gnokii-0.4.0.p20,1
Status:         Fixed
Write access to any file in the filesystem.
<URL:http://www.gnokii.org/news.shtml>
+------------------------------------------------------------------------+
Port name:      horde
Affected:       versions < horde-1.2.8
Status:         Fixed
Cross-site scripting attacks.
+------------------------------------------------------------------------+
Port name:      imap-uw
Affected:       all versions
Status:         Not fixed
Only when compiled with RFC 1730 support (make -DWITH_RFC1730):
Remote buffer overflow yielding non-privileged shell access.
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379>
<URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2>
+------------------------------------------------------------------------+
Port name:      imp
Affected:       versions < imp-2.2.8
Status:         Fixed
Cross-site scripting attacks.
+------------------------------------------------------------------------+
Port name:      linux-netscape6
Affected:       versions < 6.2.3
Status:         Fixed
XMLHttpRequest allows reading of local files.
<URL:http://online.securityfocus.com/archive/1/270807>
+------------------------------------------------------------------------+
Port name:      mnogosearch
Affected:       versions < mnogosearch-3.1.19_2
Status:         Fixed
Long query can be abused to execute code with webserver privileges.
<URL:http://online.securityfocus.com/archive/1/272025>
+------------------------------------------------------------------------+
Port name:      mpg321
Affected:       versions < mpg321-0.2.9
Status:         Fixed
Buffer overflow may allow remote attackers to execute arbitrary code via
streaming data.
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0272>
+------------------------------------------------------------------------+
Port name:      ssh2
Affected:       all versions
Status:         Not fixed
Password authentication may be used even if password authentication
is disabled.
<URL:http://www.ssh.com/products/ssh/advisories/authentication.cfm>
+------------------------------------------------------------------------+
Port name:      tinyproxy
Affected:       versions < tinyproxy-1.5.0
Status:         Fixed
Invalid query could allow execution of arbitrary code.
<URL:http://tinyproxy.sourceforge.net/NEWS>
+------------------------------------------------------------------------+
Port name:      webmin
Affected:       versions < webmin-0.970
Status:         Fixed
Remote attacker can login to Webmin as any user.
<URL:http://www.webmin.com/webmin/changes.html>
+------------------------------------------------------------------------+

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
Several tools are available in the Ports Collection to make this
easier.  See:
  /usr/ports/devel/portcheckout
  /usr/ports/misc/porteasy
  /usr/ports/sysutils/portupgrade

2) Deinstall the old package and install a new package obtained from

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/

Packages are not automatically generated for other architectures at
this time.


+------------------------------------------------------------------------+
FreeBSD Security Notices are communications from the Security Officer
intended to inform the user community about potential security issues,
such as bugs in the third-party applications found in the Ports
Collection, which will not be addressed in a FreeBSD Security
Advisory.

Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPPPEdFUuHi5z0oilAQFW8wP8CXG3dQyI5VPLp0m6frS4BtNtlkjOpq87
R/8FrDizVNGQ88+NzdPPPYWh8joAPGJZSXrWrSWKSge2dqEDK4CTpJ5BFzpQsxUZ
kexaZ43DRxrUMQN1AWDyarE+/y8uCk3BnJTWhNLOf2HeOYNekOn/BHQ53ucpoaKs
QQEX171+Jnk=
=Z1i5
-----END PGP SIGNATURE-----