git: 176a45b87015 - main - security/vuxml: fix long description warning
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 29 Sep 2023 09:32:37 UTC
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=176a45b870156d3edec9da0d169873e41f3b9bbe commit 176a45b870156d3edec9da0d169873e41f3b9bbe Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2023-09-27 13:05:32 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-09-29 09:32:20 +0000 security/vuxml: fix long description warning Eliminate an annoying warning from "make validate" Modify entry 441e1e1a-27a5-11ee-a156-080027f5fec9 description and get rid of empty lines and some expendable words. vuxml.freebsd.org prints all the lines joined together. --- security/vuxml/vuln/2023.xml | 94 ++++++++++++++++++-------------------------- 1 file changed, 38 insertions(+), 56 deletions(-) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 536e1862a1f1..eb4e3a42e565 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -2876,22 +2876,21 @@ <p>The Samba Team reports:</p> <blockquote cite="https://www.samba.org/samba/latest_news.html#4.18.5"> <dl> - <dt>CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability</dt> + <dt>CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability</dt> <dd> When parsing Spotlight mdssvc RPC packets, one encoded - data structure is a key-value style dictionary where the - keys are character strings and the values can be any of + data structure is a key-value style dictionary where + keys are character strings and values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the function dalloc_value_for_key(), which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed in - pointer is not a valid talloc pointer. - - As RPC worker processes are shared among multiple client - connections, a malicious client can crash the worker - process affecting all other clients that are also served - by this worker. + pointer is not a valid talloc pointer. As RPC worker + processes are shared among multiple client connections, + a malicious client can crash the worker process + affecting all other clients that are also served by this + worker. </dd> <dt>CVE-2022-2127: Out-Of-Bounds read in winbind AUTH_CRAP</dt> <dd> @@ -2900,22 +2899,17 @@ replies have variable length. Winbind did not properly bounds-check the lan manager response length, which despite the lan manager version no longer being used is - still part of the protocol. - - If the system is running Samba's ntlm_auth as - authentication backend for services like Squid (or a - very unusual configuration with FreeRADIUS), the - vulnarebility is remotely exploitable - + still part of the protocol. If the system is running + Samba's ntlm_auth as authentication backend for services + like Squid (or a very unusual configuration with + FreeRADIUS), the vulnarebility is remotely exploitable. If not so configured, or to exploit this vulnerability locally, the user must have access to the privileged winbindd UNIX domain socket (a subdirectory with name 'winbindd_privileged' under "state directory", as set in - the smb.conf). - - This access is normally only given so special system - services like Squid or FreeRADIUS, that use this - feature. + the smb.conf). This access is normally only given so + special system services like Squid or FreeRADIUS, use + this feature. </dd> <dt>CVE-2023-34968: Spotlight server-side Share Path Disclosure</dt> <dd> @@ -2924,18 +2918,14 @@ the RPC request. Samba returns the real server-side share path at this point, as well as returning the absolute server-side path of results in search queries - by clients. - - Known server side paths could be used to mount - subsequent more serious security attacks or could + by clients. Known server side paths could be used to + mount subsequent more serious security attacks or could disclose confidential information that is part of the - path. - - To mitigate the issue, Samba will replace the real - server-side path with a fake path constructed from the - sharename. + path. To mitigate the issue, Samba will replace the + real server-side path with a fake path constructed from + the sharename. </dd> - <dt>CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability</dt> + <dt>CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop DoS Vulnerability</dt> <dd> When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() @@ -2943,7 +2933,6 @@ contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. - This bug only affects servers where Spotlight is explicitly enabled globally or on individual shares with "spotlight = yes". @@ -2953,30 +2942,23 @@ SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet - signing is mandatory. - - SMB2 packet signing is a mechanism that ensures the - integrity and authenticity of data exchanged between a - client and a server using the SMB2 protocol. - - It provides protection against certain types of attacks, - such as man-in-the-middle attacks, where an attacker - intercepts network traffic and modifies the SMB2 - messages. - - Both client and server of an SMB2 connection can require - that signing is being used. The server-side setting in - Samba to configure signing to be required is "server - signing = required". Note that on an Samba AD DCs this - is also the default for all SMB2 connections. - - Unless the client requires signing which would result in - signing being used on the SMB2 connection, sensitive - data might have been modified by an attacker. - - Clients connecting to IPC$ on an AD DC will require - signed connections being used, so the integrity of these - connections was not affected. + signing is mandatory. SMB2 packet signing is a + mechanism that ensures the integrity and authenticity of + data exchanged between a client and a server using the + SMB2 protocol. It provides protection against certain + types of attacks, such as man-in-the-middle attacks, + where an attacker intercepts network traffic and + modifies the SMB2 messages. Both client and server of + an SMB2 connection can require that signing is being + used. The server-side setting in Samba to configure + signing to be required is "server signing = required". + Note that on an Samba AD DCs this is also the default + for all SMB2 connections. Unless the client requires + signing which would result in signing being used on the + SMB2 connection, sensitive data might have been modified + by an attacker. Clients connecting to IPC$ on an AD DC + will require signed connections being used, so the + integrity of these connections was not affected. </dd> </dl> </blockquote>