From owner-freebsd-ports-bugs@FreeBSD.ORG Sat May 24 03:40:17 2003 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92AE837B401 for ; Sat, 24 May 2003 03:40:17 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 57E2D43F93 for ; Sat, 24 May 2003 03:40:13 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h4OAeDUp013727 for ; Sat, 24 May 2003 03:40:13 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h4OAeD6v013726; Sat, 24 May 2003 03:40:13 -0700 (PDT) Resent-Date: Sat, 24 May 2003 03:40:13 -0700 (PDT) Resent-Message-Id: <200305241040.h4OAeD6v013726@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Udo Schweigert Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D69F637B401 for ; Sat, 24 May 2003 03:36:38 -0700 (PDT) Received: from goliath.siemens.de (goliath.siemens.de [192.35.17.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 33E3343F3F for ; Sat, 24 May 2003 03:36:37 -0700 (PDT) (envelope-from udo.schweigert@siemens.com) Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by goliath.siemens.de (8.11.7/8.11.7) with ESMTP id h4OAaZM03868 for ; Sat, 24 May 2003 12:36:35 +0200 (MEST) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail1.siemens.de (8.11.7/8.11.7) with ESMTP id h4OAaZ819977 for ; Sat, 24 May 2003 12:36:35 +0200 (MEST) Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [139.23.202.134]) 1.42 2003/02/21 12:06:56 ust Exp $) with ESMTP id h4OAaZci052538 for ; Sat, 24 May 2003 12:36:35 +0200 (CEST) Received: from alaska.cert.siemens.de (alaska.cert.siemens.de [127.0.0.1]) hosts/alaska/mail/config.mc,v 1.15 2002/12/31 15:32:17 ust Exp $) with ESMTP id h4OAaYD5008276 for ; Sat, 24 May 2003 12:36:34 +0200 (CEST) (envelope-from ust@alaska.cert.siemens.de) Received: (from ust@localhost) hosts/alaska/mail/submit.mc,v 1.4 2002/12/31 15:32:17 ust Exp $) id h4OAaYC6007274; Sat, 24 May 2003 12:36:34 +0200 (CEST) (envelope-from ust) Message-Id: <200305241036.h4OAaYC6007274@alaska.cert.siemens.de> Date: Sat, 24 May 2003 12:36:34 +0200 (CEST) From: Udo Schweigert To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/52635: maintainer-update of security/nessus-* X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Udo Schweigert List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 May 2003 10:40:17 -0000 >Number: 52635 >Category: ports >Synopsis: maintainer-update of security/nessus-* >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat May 24 03:40:12 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Udo Schweigert >Release: FreeBSD 4.8-STABLE i386 >Organization: >Environment: System: FreeBSD alaska.cert.siemens.de 4.8-STABLE FreeBSD 4.8-STABLE #56: Thu May 1 16:39:39 CEST 2003 ust@alaska.cert.siemens.de:/usr/obj/work/src/RELENG_4/sys/alaska i386 >Description: Maintainer-update of the security/nessus-* ports: - Upgrade to nessus version 2.0.6a This - among others - fixes various issues which could allow a NASL script to crash the NASL interpretor and execute arbitrary code. >How-To-Repeat: >Fix: diff -ru /usr/ports/security/nessus/Makefile nessus/Makefile --- /usr/ports/security/nessus/Makefile Wed May 14 06:32:47 2003 +++ nessus/Makefile Sat May 24 12:12:38 2003 @@ -6,8 +6,7 @@ # PORTNAME= nessus -PORTVERSION= 2.0.5 -PORTREVISION= 1 +PORTVERSION= 2.0.6a CATEGORIES= security MASTER_SITES= ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \ ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \ diff -ru /usr/ports/security/nessus/distinfo nessus/distinfo --- /usr/ports/security/nessus/distinfo Wed May 14 06:32:47 2003 +++ nessus/distinfo Sat May 24 12:12:48 2003 @@ -1 +1 @@ -MD5 (nessus/nessus-core-2.0.5.tar.gz) = 0f42f4cace67f2a97ed28cf56d25f1b3 +MD5 (nessus/nessus-core-2.0.6a.tar.gz) = 2dd997d65d1785526fe9d87393ce0417 diff -ru /usr/ports/security/nessus-libnasl/Makefile nessus-libnasl/Makefile --- /usr/ports/security/nessus-libnasl/Makefile Wed May 14 06:32:47 2003 +++ nessus-libnasl/Makefile Sat May 24 12:10:15 2003 @@ -6,8 +6,7 @@ # PORTNAME= nessus-libnasl -PORTVERSION= 2.0.5 -PORTREVISION= 1 +PORTVERSION= 2.0.6a CATEGORIES= security MASTER_SITES= ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \ ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \ diff -ru /usr/ports/security/nessus-libnasl/distinfo nessus-libnasl/distinfo --- /usr/ports/security/nessus-libnasl/distinfo Wed May 14 06:32:47 2003 +++ nessus-libnasl/distinfo Sat May 24 12:10:24 2003 @@ -1 +1 @@ -MD5 (nessus/libnasl-2.0.5.tar.gz) = 5e85a4f7de5a111eb283bc1ce627a573 +MD5 (nessus/libnasl-2.0.6a.tar.gz) = 879551f7e1943eba7133f64b576c1f67 diff -ru /usr/ports/security/nessus-libraries/Makefile nessus-libraries/Makefile --- /usr/ports/security/nessus-libraries/Makefile Wed May 14 06:32:48 2003 +++ nessus-libraries/Makefile Sat May 24 12:07:20 2003 @@ -9,8 +9,7 @@ # client. PORTNAME= nessus-libraries -PORTVERSION= 2.0.5 -PORTREVISION= 1 +PORTVERSION= 2.0.6a CATEGORIES= security MASTER_SITES= ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \ ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \ diff -ru /usr/ports/security/nessus-libraries/distinfo nessus-libraries/distinfo --- /usr/ports/security/nessus-libraries/distinfo Wed May 14 06:32:48 2003 +++ nessus-libraries/distinfo Sat May 24 12:07:48 2003 @@ -1 +1 @@ -MD5 (nessus/nessus-libraries-2.0.5.tar.gz) = 0f5f6cdbab465c5dda9abd5da13900c9 +MD5 (nessus/nessus-libraries-2.0.6a.tar.gz) = 8d2ad10fe0dd55fc21a4f42350ab0599 diff -ru /usr/ports/security/nessus-plugins/Makefile nessus-plugins/Makefile --- /usr/ports/security/nessus-plugins/Makefile Wed May 14 06:32:48 2003 +++ nessus-plugins/Makefile Sat May 24 12:14:45 2003 @@ -6,8 +6,7 @@ # PORTNAME= nessus-plugins -PORTVERSION= 2.0.5 -PORTREVISION= 1 +PORTVERSION= 2.0.6a CATEGORIES= security MASTER_SITES= ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \ ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \ diff -ru /usr/ports/security/nessus-plugins/distinfo nessus-plugins/distinfo --- /usr/ports/security/nessus-plugins/distinfo Wed May 14 06:32:48 2003 +++ nessus-plugins/distinfo Sat May 24 12:14:59 2003 @@ -1 +1 @@ -MD5 (nessus/nessus-plugins-2.0.5.tar.gz) = ae56ce50cfabd577a9e417753c6b0de0 +MD5 (nessus/nessus-plugins-2.0.6a.tar.gz) = 4f03c34f37c3505ea3a834f15a27afb6 diff -ru /usr/ports/security/nessus-plugins/pkg-plist nessus-plugins/pkg-plist --- /usr/ports/security/nessus-plugins/pkg-plist Wed May 14 06:32:48 2003 +++ nessus-plugins/pkg-plist Sat May 24 12:18:44 2003 @@ -37,6 +37,7 @@ lib/nessus/plugins/CSCdw50657.nasl lib/nessus/plugins/CSCdw67458.nasl lib/nessus/plugins/CSCdx07754.nasl +lib/nessus/plugins/CSCdx17916.nasl lib/nessus/plugins/CSCdx39981.nasl lib/nessus/plugins/CSCdx54675.nasl lib/nessus/plugins/CSCdx92043.nasl @@ -155,6 +156,7 @@ lib/nessus/plugins/advanced_poll_phpinfo.nasl lib/nessus/plugins/afs_version.nasl lib/nessus/plugins/agora.nasl +lib/nessus/plugins/airport_plaintext_credentials.nasl lib/nessus/plugins/aix_ftpd.nasl lib/nessus/plugins/album_pl_cmd_exec.nasl lib/nessus/plugins/alcatel_adsl.nasl @@ -232,6 +234,7 @@ lib/nessus/plugins/badblue_get_DoS.nasl lib/nessus/plugins/badblue_null_byte.nasl lib/nessus/plugins/badblue_remote_administrative_access.nasl +lib/nessus/plugins/badblue_remote_administrative_access2.nasl lib/nessus/plugins/bakfiles.nasl lib/nessus/plugins/basilix_inc_files.nasl lib/nessus/plugins/basilix_webmail.nasl @@ -261,6 +264,7 @@ lib/nessus/plugins/binlogin_overflow_telnet.nasl lib/nessus/plugins/bitkeeper_remote_shell.nasl lib/nessus/plugins/bizdb1_search.nasl +lib/nessus/plugins/biztalk_flaws.nasl lib/nessus/plugins/blackice_dos.nasl lib/nessus/plugins/bonk.nasl lib/nessus/plugins/bonsai_flaws.nasl @@ -287,6 +291,7 @@ lib/nessus/plugins/cc_guestbook.nasl lib/nessus/plugins/cdk.nasl lib/nessus/plugins/cern_httpd_path.nasl +lib/nessus/plugins/cesarftp_passwd.nasl lib/nessus/plugins/cf_debug.nasl lib/nessus/plugins/cfinger_format_bug.nasl lib/nessus/plugins/cfinger_search.nasl @@ -359,6 +364,7 @@ lib/nessus/plugins/db4web_dir_trav.nasl lib/nessus/plugins/db4web_tcp_relay.nasl lib/nessus/plugins/dbman_cgi.nasl +lib/nessus/plugins/dbtools_dbmanager_pwd.nasl lib/nessus/plugins/dcetest.nasl lib/nessus/plugins/dcforum.nasl lib/nessus/plugins/dcp_portal_injection.nasl @@ -388,8 +394,10 @@ lib/nessus/plugins/domino_http_dos.nasl lib/nessus/plugins/domino_traversal.nasl lib/nessus/plugins/domino_xss.nasl +lib/nessus/plugins/dragandzip_overflow.nasl lib/nessus/plugins/dragon_ftp.nasl lib/nessus/plugins/dragon_telnet.nasl +lib/nessus/plugins/drweb_overflow.nasl lib/nessus/plugins/dtspcd.nasl lib/nessus/plugins/dump.inc lib/nessus/plugins/dumpenv.nasl @@ -407,6 +415,7 @@ lib/nessus/plugins/emule_dos.nasl lib/nessus/plugins/epolicy_orchestrator_format_string.nasl lib/nessus/plugins/eserv.nasl +lib/nessus/plugins/eserv_mem_leak.nasl lib/nessus/plugins/eshop_information_disclosure.nasl lib/nessus/plugins/etheni_code_injection.nasl lib/nessus/plugins/etherleak.nasl @@ -416,6 +425,7 @@ lib/nessus/plugins/exchange_dos.nasl lib/nessus/plugins/exchange_public_folders_information_leak.nasl lib/nessus/plugins/ezpublish_config_disclosure.nasl +lib/nessus/plugins/ezpublish_dir_xss.nasl lib/nessus/plugins/ezpublish_xss.nasl lib/nessus/plugins/ezshopper.nasl lib/nessus/plugins/fake_identd.nasl @@ -510,7 +520,10 @@ lib/nessus/plugins/handler.nasl lib/nessus/plugins/happymall_cmd_exec.nasl lib/nessus/plugins/healthd_detect.nasl +lib/nessus/plugins/helix_overflow.nasl lib/nessus/plugins/homefree.nasl +lib/nessus/plugins/horde_test_disclosure.nasl +lib/nessus/plugins/horde_turba_path_disclosure.nasl lib/nessus/plugins/hotsync.nasl lib/nessus/plugins/hp_instant_toptools_dos.nasl lib/nessus/plugins/hp_jetdirect_vulns.nasl @@ -636,6 +649,7 @@ lib/nessus/plugins/iws_shtml.nasl lib/nessus/plugins/jigsaw_msdos_dev_DoS.nasl lib/nessus/plugins/jj.nasl +lib/nessus/plugins/jmf_privs_escalation.nasl lib/nessus/plugins/jrun.nasl lib/nessus/plugins/jrun_dir_listing.nasl lib/nessus/plugins/jrun_getdir.nasl @@ -681,6 +695,7 @@ lib/nessus/plugins/lotus_esmtp_overflow.nasl lib/nessus/plugins/lotus_notes_openserver_disclosure.nasl lib/nessus/plugins/lotus_path_disclosure.nasl +lib/nessus/plugins/lovgate_virus_installed.nasl lib/nessus/plugins/lpd_aix_overflow.nasl lib/nessus/plugins/lpd_bsd_overflow.nasl lib/nessus/plugins/lpd_dvips.nasl @@ -689,6 +704,7 @@ lib/nessus/plugins/macos_x_directory_svc_dos.nasl lib/nessus/plugins/mailman_webmail.nasl lib/nessus/plugins/mailmax_imap_overflows.nasl +lib/nessus/plugins/mailmax_imap_overflows2.nasl lib/nessus/plugins/mailmaxweb_path_disclosure.nasl lib/nessus/plugins/mailnews.nasl lib/nessus/plugins/mambo.nasl @@ -710,6 +726,7 @@ lib/nessus/plugins/mercure_webview.nasl lib/nessus/plugins/metainfo_mail.nasl lib/nessus/plugins/mibiisa_overflow.nasl +lib/nessus/plugins/miniportail_admin_access.nasl lib/nessus/plugins/minivend_view_page.nasl lib/nessus/plugins/misc_format_string.nasl lib/nessus/plugins/misc_func.inc @@ -725,6 +742,7 @@ lib/nessus/plugins/mod_python_handle.nasl lib/nessus/plugins/mod_ssl_offby1.nasl lib/nessus/plugins/mod_ssl_overflow.nasl +lib/nessus/plugins/mod_ssl_wildcard_dns_xss.nasl lib/nessus/plugins/mod_survey_sql_injection.nasl lib/nessus/plugins/monkeyweb_too_big_post.nasl lib/nessus/plugins/mountd_overflow.nasl @@ -774,6 +792,7 @@ lib/nessus/plugins/ncl_items.nasl lib/nessus/plugins/ncl_items_2.nasl lib/nessus/plugins/nds_web_based_browsing.nasl +lib/nessus/plugins/neoteris_ive_xss.nasl lib/nessus/plugins/nessus_detect.nasl lib/nessus/plugins/nestea.nasl lib/nessus/plugins/netauth.nasl @@ -846,6 +865,7 @@ lib/nessus/plugins/ocean12_guestbook_xss.nasl lib/nessus/plugins/office_files.nasl lib/nessus/plugins/officescan_disclosure.nasl +lib/nessus/plugins/oneorzero_flaws.nasl lib/nessus/plugins/oops_overflow.nasl lib/nessus/plugins/openbb_sql_injection.nasl lib/nessus/plugins/openlink_overflow.nasl @@ -894,6 +914,7 @@ lib/nessus/plugins/osX_apache_finder_content.nasl lib/nessus/plugins/oshare.nasl lib/nessus/plugins/owa-anonymous.nasl +lib/nessus/plugins/owl_browse.nasl lib/nessus/plugins/ows_bin_cgi.nasl lib/nessus/plugins/ows_overflow.nasl lib/nessus/plugins/p-smash.nasl @@ -936,6 +957,7 @@ lib/nessus/plugins/php_nuke_opendir.nasl lib/nessus/plugins/php_nuke_sql_debug.nasl lib/nessus/plugins/php_overflow.nasl +lib/nessus/plugins/php_proxima_file_reading.nasl lib/nessus/plugins/php_safe_mode.nasl lib/nessus/plugins/php_socket_iovec_alloc_overflow.nasl lib/nessus/plugins/php_split_mime.nasl @@ -964,6 +986,7 @@ lib/nessus/plugins/poptop_negative_read.nasl lib/nessus/plugins/port_shell_execution.nasl lib/nessus/plugins/portal_of_doom.nasl +lib/nessus/plugins/poster_version_two.nasl lib/nessus/plugins/postgresql_multiple_flaws.nasl lib/nessus/plugins/postgresql_unpassworded.nasl lib/nessus/plugins/postnuke_info_disclosure.nasl @@ -980,6 +1003,7 @@ lib/nessus/plugins/proftpd_pre10.nasl lib/nessus/plugins/proftpd_pre6_exploit.nasl lib/nessus/plugins/proxy_connect.nasl +lib/nessus/plugins/proxy_cross_site_scripting.nasl lib/nessus/plugins/proxy_gopher.nasl lib/nessus/plugins/proxy_port.nasl lib/nessus/plugins/proxy_post.nasl @@ -1144,6 +1168,7 @@ lib/nessus/plugins/shlwapi_dll_dos.nasl lib/nessus/plugins/shopping_cart_information_disclosure.nasl lib/nessus/plugins/shopplus_information_disclosure.nasl +lib/nessus/plugins/shoutcast_log_xss.nasl lib/nessus/plugins/shoutcast_version.nasl lib/nessus/plugins/showmount.nasl lib/nessus/plugins/silverstream_database.nasl @@ -1315,6 +1340,7 @@ lib/nessus/plugins/smtpscan.nasl lib/nessus/plugins/smtpserver_detect.nasl lib/nessus/plugins/snapstream_dir_trav.nasl +lib/nessus/plugins/snitz_cmd_exec.nasl lib/nessus/plugins/snitz_forums_2000_xss.nasl lib/nessus/plugins/snmpXdmid.nasl lib/nessus/plugins/snmp_cisco_type.nasl @@ -1387,6 +1413,7 @@ lib/nessus/plugins/tanned_format_string.nasl lib/nessus/plugins/tcp_chorusing.nasl lib/nessus/plugins/tcp_seq.nasl +lib/nessus/plugins/tcpip_ambiguities.nasl lib/nessus/plugins/teardrop.nasl lib/nessus/plugins/technote.nasl lib/nessus/plugins/telnet.nasl @@ -1425,6 +1452,8 @@ lib/nessus/plugins/trojan_horses.nasl lib/nessus/plugins/truegalerie_admin_bypass.nasl lib/nessus/plugins/ttawebtop.nasl +lib/nessus/plugins/ttcms_code_injection.nasl +lib/nessus/plugins/ttforum_code_injection.nasl lib/nessus/plugins/ttyprompt.nasl lib/nessus/plugins/typo3_dev_read.nasl lib/nessus/plugins/typsoft_ftp_DoS.nasl @@ -1478,9 +1507,12 @@ lib/nessus/plugins/webdav_iis.nasl lib/nessus/plugins/webdist.nasl lib/nessus/plugins/webdriver.nasl +lib/nessus/plugins/weberp_config_file_disclosure.nasl lib/nessus/plugins/webfind.nasl lib/nessus/plugins/webgais.nasl lib/nessus/plugins/weblogic_adm_servlet.nasl +lib/nessus/plugins/weblogic_casigned_cert_spoofing.nasl +lib/nessus/plugins/weblogic_cleartext_password.nasl lib/nessus/plugins/weblogic_dotdotdos.nasl lib/nessus/plugins/weblogic_hostname_disclosure.nasl lib/nessus/plugins/weblogic_percent.nasl @@ -1535,6 +1567,7 @@ lib/nessus/plugins/ws4d_overflow.nasl lib/nessus/plugins/ws4e_too_long_url.nasl lib/nessus/plugins/wsftp_overflows.nasl +lib/nessus/plugins/wsmp3d_cmd_exec.nasl lib/nessus/plugins/wu_ftpd_glob.nasl lib/nessus/plugins/wu_ftpd_overflow.nasl lib/nessus/plugins/wu_ftpd_pasv_format_string.nasl >Release-Note: >Audit-Trail: >Unformatted: