Ruslan wrote in to mention that the ‘Latest Vulnerabilities’ section is not current. I’m trying to find out why.
FreshPorts has processed the latest vuln entries; http://www.freshports.org/vuxml.php reports Revision: 1.2685.
But http://www.freshports.org/vuxml.php?all lists nothing later than 2012-04-27.
I just refreshed the security/vuxml port on the main FreshPorts server. It is now re-processing the latest vuln file. Let’s see what that gives me.
Ummm. Nothing different. OK, let’s delete all existing vuxml entries from the table and try again:
$ touch ../dynamic/vuxml ../dynamic/job_waiting && tail -F /var/log/messages
May 6 15:03:27 supernews fp-daemon: yes, there is a job waiting
May 6 15:03:28 supernews FreshPorts[12281]: flag not set. no work for process_updating.sh
May 6 15:03:28 supernews FreshPorts[12281]: flag not set. no work for process_moved.sh
May 6 15:03:28 supernews FreshPorts[12281]: flag not set. no work for process_www_en_ports_categories.sh
May 6 15:03:28 supernews FreshPorts[12281]: /usr/websites/freshports.org/dynamic/vuxml exists. About to run process_vuxml.sh
May 6 15:03:28 supernews FreshPorts /usr/websites/freshports.org/scripts/process_vuxml.sh: vuxml processing begins
May 6 15:03:29 supernews FreshPorts /usr/websites/freshports.org/scripts/process_vuxml.sh: vuxml ident begins
May 6 15:03:29 supernews FreshPorts /usr/websites/freshports.org/scripts/process_vuxml.sh: vuxml latest begins
May 6 15:03:30 supernews FreshPorts /usr/websites/freshports.org/scripts/process_vuxml.sh: vuxml finishes
May 6 15:03:30 supernews FreshPorts /usr/websites/freshports.org/scripts/process_vuxml.sh: vuxml terminates
May 6 15:03:30 supernews FreshPorts[12281]: Finished running process_vuxml.sh
May 6 15:03:31 supernews sudo: nagios : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/libexec/nagios/check_pid_sudo /var/run/dovecot/master.pid
Umm, that’s a problem. vuxml should take many minutes to run.
Running the command manually shows an error:
[dan@supernews:/usr/websites/freshports.org/scripts] $ perl ./process_vuxml.pl -w < ~dan/ports/security/vuxml/vuln.xml
Existing VuXML entries will be deleted
dbname = freshports.org
creating parsing engine
running parsing engine
vid: 60de13d5-95f0-11e1-806a-001143cd36d8
topic: php -- vulnerability in certain CGI-based setups
packages:
php5: gt: 5.4 lt: 5.4.2 lt: 5.3.12
php53: lt: 5.3.12
php4: lt: 4.4.10
php52: lt: 5.2.17_8
description:
<p>php development team reports:</p>
<blockquote cite="http://www.php.net/archive/2012.php#id2012-05-03-1">
<p>Security Enhancements and Fixes in PHP 5.3.12:</p>
<ul>
<li>Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)</li>
</ul>
</blockquote>
references:
cvename: CVE-2012-1823
dates:
discovery: 2012-05-03
entry: 2012-05-05
-----------------------------
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252497, 2145201, 'package')
gt: 5.4 lt: 5.4.2 lt: 5.3.12
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252498, 2145201, 'package')
lt: 5.3.12
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252499, 2145201, 'package')
lt: 4.4.10
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252500, 2145201, 'package')
lt: 5.2.17_8
cvename: CVE-2012-1823
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817623, 2145201, 'cvename', 'CVE-2012-1823')
vid: 18dffa02-946a-11e1-be9d-000c29cc39d3
topic: WebCalendar -- multiple vulnerabilities
packages:
WebCalendar-devel: le: 1.2.4
description:
<p>Hanno Boeck reports:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2012/04/28/1">
<p>Fixes [are now available] for various security vulnerabilities including LFI (local file inclusion), XSS (cross site scripting) and others.</p>
</blockquote>
references:
cvename: CVE-2012-1495
cvename: CVE-2012-1496
url: http://packetstormsecurity.org/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html
url: http://packetstormsecurity.org/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html
url: http://archives.neohapsis.com/archives/bugtraq/2012-04/0182.html
dates:
discovery: 2012-04-28
entry: 2012-05-02
-----------------------------
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252501, 2145202, 'package')
le: 1.2.4
cvename: CVE-2012-1495
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817624, 2145202, 'cvename', 'CVE-2012-1495')
cvename: CVE-2012-1496
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817625, 2145202, 'cvename', 'CVE-2012-1496')
url: http://packetstormsecurity.org/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817626, 2145202, 'url', 'http://packetstormsecurity.org/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html')
url: http://packetstormsecurity.org/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817627, 2145202, 'url', 'http://packetstormsecurity.org/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html')
url: http://archives.neohapsis.com/archives/bugtraq/2012-04/0182.html
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817628, 2145202, 'url', 'http://archives.neohapsis.com/archives/bugtraq/2012-04/0182.html')
vid: 94c0ac4f-9388-11e1-b242-00262d5ed8ee
topic: chromium -- multiple vulnerabilities
packages:
chromium: lt: 18.0.1025.168
description:
<p>Google Chrome Releases reports:</p>
<blockquote cite="http://googlechromereleases.blogspot.com/search/label/Stable%20updates">
<p>[106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz.</p>
<p>[117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie.</p>
<p>[121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano.</p>
<p>[121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz.</p>
<p>[117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by wushi of team509 reported through iDefense VCP (V-874rcfpq7z).</p>
</blockquote>
references:
cvename: CVE-2011-3078
cvename: CVE-2011-3079
cvename: CVE-2011-3080
cvename: CVE-2011-3081
cvename: CVE-2012-1521
url: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
dates:
discovery: 2012-04-30
entry: 2012-05-01
-----------------------------
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252502, 2145203, 'package')
lt: 18.0.1025.168
cvename: CVE-2011-3078
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817629, 2145203, 'cvename', 'CVE-2011-3078')
cvename: CVE-2011-3079
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817630, 2145203, 'cvename', 'CVE-2011-3079')
cvename: CVE-2011-3080
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817631, 2145203, 'cvename', 'CVE-2011-3080')
cvename: CVE-2011-3081
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817632, 2145203, 'cvename', 'CVE-2011-3081')
cvename: CVE-2012-1521
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817633, 2145203, 'cvename', 'CVE-2012-1521')
url: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817634, 2145203, 'url', 'http://googlechromereleases.blogspot.com/search/label/Stable%20updates')
vid: 2cde1892-913e-11e1-b44c-001fd0af1a4c
topic: php -- multiple vulnerabilities
packages:
php53: lt: 5.3.11
php5: lt: 5.3.11
description:
<p>php development team reports:</p>
<blockquote cite="http://www.php.net/archive/2012.php#id2012-04-26-1">
<p>Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:</p>
<ul>
<li>Insufficient validating of upload name leading to corrupted $_FILES indices. (CVE-2012-1172) </li>
<li>Add open_basedir checks to readline_write_history and readline_read_history.</li>
</ul>
<p>Security Enhancements for both PHP 5.3.11 only:</p>
<ul>
<li>Regression in magic_quotes_gpc fix for CVE-2012-0831.</li>
</ul>
</blockquote>
references:
cvename: CVE-2012-0831
cvename: CVE-2012-1172
url: http://www.php.net/archive/2012.php#id2012-04-26-1
dates:
discovery: 2012-03-01
entry: 2012-04-28
modified: 2012-05-04
-----------------------------
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252503, 2145204, 'package')
lt: 5.3.11
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252504, 2145204, 'package')
lt: 5.3.11
cvename: CVE-2012-0831
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817635, 2145204, 'cvename', 'CVE-2012-0831')
cvename: CVE-2012-1172
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817636, 2145204, 'cvename', 'CVE-2012-1172')
url: http://www.php.net/archive/2012.php#id2012-04-26-1
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817637, 2145204, 'url', 'http://www.php.net/archive/2012.php#id2012-04-26-1')
vid: 0fa15e08-92ec-11e1-a94a-00215c6a37bb
topic: samba -- incorrect permission checks vulnerability
packages:
samba34: gt: 3.4.* lt: 3.4.17
samba35: gt: 3.5.* lt: 3.5.15
samba36: gt: 3.6.* lt: 3.6.5
description:
<p>The Samba project reports:</p>
<blockquote cite="http://www.samba.org/samba/security/CVE-2012-2111">
<p>Samba versions 3.4.x to 3.6.4 inclusive are affected by a vulnerability that allows arbitrary users to modify privileges on a file server.</p>
<p>Security checks were incorrectly applied to the Local Security Authority (LSA) remote proceedure calls (RPC) CreateAccount, OpenAccount, AddAccountRights and RemoveAccountRights allowing any authenticated user to modify the privileges database.</p>
<p>This is a serious error, as it means that authenticated users can connect to the LSA and grant themselves the "take ownership" privilege. This privilege is used by the smbd file server to grant the ability to change ownership of a file or directory which means users could take ownership of files or directories they do not own.</p>
</blockquote>
references:
cvename: CVE-2012-2111
dates:
discovery: 2012-04-30
entry: 2012-04-30
-----------------------------
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252505, 2145205, 'package')
gt: 3.4.* lt: 3.4.17
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252506, 2145205, 'package')
gt: 3.5.* lt: 3.5.15
sql is insert into vuxml_affected(id, vuxml_id, type) values ( 3252507, 2145205, 'package')
gt: 3.6.* lt: 3.6.5
cvename: CVE-2012-2111
sql is insert into vuxml_references(id, vuxml_id, type, reference) values ( 7817638, 2145205, 'cvename', 'CVE-2012-2111')
references_push(): Missing reference value at /usr/local/lib/perl5/site_perl/5.8.9/mach/XML/Parser/Expat.pm line 469
[dan@supernews:/usr/websites/freshports.org/scripts] $
The problem is caused by the vid entry after the above.
b428e6b3-926c-11e1-8d7b-003067b2972c contains this around line 276 of vuln.xml:
<references>
  <freebsdsa/>
</references>
If I delete that freebsdsa line, all goes well.
This is valid XML. However, the code expects something in there.
The template in the code for this section is:
>vuxml>vuln>references
>vuxml>vuln>references>url *
>vuxml>vuln>references>mlist *
>vuxml>vuln>references>cvename *
>vuxml>vuln>references>bid *
>vuxml>vuln>references>certsa *
>vuxml>vuln>references>certvu *
>vuxml>vuln>references>uscertsa *
>vuxml>vuln>references>uscertta *
>vuxml>vuln>references>freebsdsa *
>vuxml>vuln>references>freebsdpr *
vuln.xml has been updated to give this tag some content. Ideally, my code should work without. At another time of year, I could look into this deeper, but… BSDCan.
But…
This appears to be the fix:
1331c1331 < $VuXML->references_push( FREEBSDSA, $VuXML->{text_buffer} ); --- > $VuXML->references_push( FREEBSDSA, $VuXML->{text_buffer} // '' );
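Review bot: the // '' default on line 1331 is applied only at the FREEBSDSA call, while the template above lists nine other reference elements (url, mlist, cvename, bid, certsa, certvu, uscertsa, uscertta, freebsdpr); if their handlers pass $VuXML->{text_buffer} the same way, an empty element of any of those types will stop the run with the same "Missing reference value" error. Consider handling the undefined value once inside references_push, and decide there whether an empty reference should be stored as '' or skipped, since with this change '' is pushed as the reference value. Also, // is the defined-or operator that stock Perl gains in 5.10, and the error path above shows site_perl/5.8.9, so confirm this interpreter accepts it or write the test out with defined().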
FYI, this code was last changed 7 years, 3 months ago. My thanks to Mr Matthew Seaman for his fine work on the vuxml processing.
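The failure mode described above, as an added example that is not FreshPorts code: it is written in Python rather than Perl, but on the same expat parser, and it shows why an empty <freebsdsa/> leaves the text buffer undefined and what each way of handling it stores. The class, function and on_empty names are hypothetical, and it assumes the buffer is filled only by the character-data handler.

```python
import xml.parsers.expat

# Reference element names from the template quoted in the post.
REF_TYPES = {"url", "mlist", "cvename", "bid", "certsa", "certvu",
             "uscertsa", "uscertta", "freebsdsa", "freebsdpr"}

# Constructed sample: the empty element from the post beside a populated one.
SAMPLE = """<vuxml><vuln vid="constructed-example"><references>
  <freebsdsa/>
  <cvename>CVE-2012-2111</cvename>
</references></vuln></vuxml>"""


class ReferenceCollector:
    # Collects (type, value) pairs the way an expat event handler would.
    def __init__(self, on_empty):
        self.on_empty = on_empty      # "raise", "default" or "skip"
        self.text_buffer = None       # stays None until character data arrives
        self.references = []

    def start(self, name, attrs):
        self.text_buffer = None       # new element, nothing read yet

    def chars(self, data):
        # expat may deliver one text node in several pieces, so append.
        self.text_buffer = (self.text_buffer or "") + data

    def end(self, name):
        value, self.text_buffer = self.text_buffer, None
        if name not in REF_TYPES or (value is None and self.on_empty == "skip"):
            return                    # not a reference, or an empty one dropped
        if value is None and self.on_empty == "default":
            value = ""                # same effect as the `// ''` fix
        self.references_push(name, value)

    def references_push(self, ref_type, value):
        if value is None:             # mirrors the error shown in the post
            raise ValueError("references_push(): Missing reference value")
        self.references.append((ref_type, value))


def parse_references(xml_text, on_empty="raise"):
    collector = ReferenceCollector(on_empty)
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = collector.start
    parser.CharacterDataHandler = collector.chars
    parser.EndElementHandler = collector.end
    parser.Parse(xml_text, True)
    return collector.references
```

With on_empty="default" the empty element is kept as a reference whose value is the empty string; "skip" drops it, which avoids storing a reference with no content.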