Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 29 Sep 2023 09:32:37 GMT
From:      Fernando =?utf-8?Q?Apestegu=C3=ADa?= <fernape@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 176a45b87015 - main - security/vuxml: fix long description warning
Message-ID:  <202309290932.38T9Wbta084272@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=176a45b870156d3edec9da0d169873e41f3b9bbe

commit 176a45b870156d3edec9da0d169873e41f3b9bbe
Author:     Fernando ApesteguĂ­a <fernape@FreeBSD.org>
AuthorDate: 2023-09-27 13:05:32 +0000
Commit:     Fernando ApesteguĂ­a <fernape@FreeBSD.org>
CommitDate: 2023-09-29 09:32:20 +0000

    security/vuxml: fix long description warning
    
    Eliminate an annoying warning from "make validate"
    
    Modify entry 441e1e1a-27a5-11ee-a156-080027f5fec9 description and get rid of
    empty lines and some expendable words. vuxml.freebsd.org prints all the lines
    joined together.
---
 security/vuxml/vuln/2023.xml | 94 ++++++++++++++++++--------------------------
 1 file changed, 38 insertions(+), 56 deletions(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 536e1862a1f1..eb4e3a42e565 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -2876,22 +2876,21 @@
 	<p>The Samba Team reports:</p>
 	<blockquote cite="https://www.samba.org/samba/latest_news.html#4.18.5">;
 	  <dl>
-	    <dt>CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability</dt>
+	    <dt>CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability</dt>
 	    <dd>
 	      When parsing Spotlight mdssvc RPC packets, one encoded
-	      data structure is a key-value style dictionary where the
-	      keys are character strings and the values can be any of
+	      data structure is a key-value style dictionary where
+	      keys are character strings and values can be any of
 	      the supported types in the mdssvc protocol. Due to a
 	      lack of type checking in callers of the function
 	      dalloc_value_for_key(), which returns the object
 	      associated with a key, a caller may trigger a crash in
 	      talloc_get_size() when talloc detects that the passed in
-	      pointer is not a valid talloc pointer.
-
-	      As RPC worker processes are shared among multiple client
-	      connections, a malicious client can crash the worker
-	      process affecting all other clients that are also served
-	      by this worker.
+	      pointer is not a valid talloc pointer. As RPC worker
+	      processes are shared among multiple client connections,
+	      a malicious client can crash the worker process
+	      affecting all other clients that are also served by this
+	      worker.
 	    </dd>
 	    <dt>CVE-2022-2127: Out-Of-Bounds read in winbind AUTH_CRAP</dt>
 	    <dd>
@@ -2900,22 +2899,17 @@
 	      replies have variable length. Winbind did not properly
 	      bounds-check the lan manager response length, which
 	      despite the lan manager version no longer being used is
-	      still part of the protocol.
-
-	      If the system is running Samba's ntlm_auth as
-	      authentication backend for services like Squid (or a
-	      very unusual configuration with FreeRADIUS), the
-	      vulnarebility is remotely exploitable
-
+	      still part of the protocol. If the system is running
+	      Samba's ntlm_auth as authentication backend for services
+	      like Squid (or a very unusual configuration with
+	      FreeRADIUS), the vulnarebility is remotely exploitable.
 	      If not so configured, or to exploit this vulnerability
 	      locally, the user must have access to the privileged
 	      winbindd UNIX domain socket (a subdirectory with name
 	      'winbindd_privileged' under "state directory", as set in
-	      the smb.conf).
-
-	      This access is normally only given so special system
-	      services like Squid or FreeRADIUS, that use this
-	      feature.
+	      the smb.conf). This access is normally only given so
+	      special system services like Squid or FreeRADIUS, use
+	      this feature.
 	    </dd>
 	    <dt>CVE-2023-34968: Spotlight server-side Share Path Disclosure</dt>
 	    <dd>
@@ -2924,18 +2918,14 @@
 	      the RPC request. Samba returns the real server-side
 	      share path at this point, as well as returning the
 	      absolute server-side path of results in search queries
-	      by clients.
-
-	      Known server side paths could be used to mount
-	      subsequent more serious security attacks or could
+	      by clients. Known server side paths could be used to
+	      mount subsequent more serious security attacks or could
 	      disclose confidential information that is part of the
-	      path.
-
-	      To mitigate the issue, Samba will replace the real
-	      server-side path with a fake path constructed from the
-	      sharename.
+	      path. To mitigate the issue, Samba will replace the
+	      real server-side path with a fake path constructed from
+	      the sharename.
 	    </dd>
-	    <dt>CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability</dt>
+	    <dt>CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop DoS Vulnerability</dt>
 	    <dd>
 	      When parsing Spotlight mdssvc RPC packets sent by the
 	      client, the core unmarshalling function sl_unpack_loop()
@@ -2943,7 +2933,6 @@
 	      contains the count of elements in an array-like
 	      structure. By passing 0 as the count value, the attacked
 	      function will run in an endless loop consuming 100% CPU.
-
 	      This bug only affects servers where Spotlight is
 	      explicitly enabled globally or on individual shares with
 	      "spotlight = yes".
@@ -2953,30 +2942,23 @@
 	      SMB2 packet signing is not enforced if an admin
 	      configured "server signing = required" or for SMB2
 	      connections to Domain Controllers where SMB2 packet
-	      signing is mandatory.
-
-	      SMB2 packet signing is a mechanism that ensures the
-	      integrity and authenticity of data exchanged between a
-	      client and a server using the SMB2 protocol.
-
-	      It provides protection against certain types of attacks,
-	      such as man-in-the-middle attacks, where an attacker
-	      intercepts network traffic and modifies the SMB2
-	      messages.
-
-	      Both client and server of an SMB2 connection can require
-	      that signing is being used. The server-side setting in
-	      Samba to configure signing to be required is "server
-	      signing = required". Note that on an Samba AD DCs this
-	      is also the default for all SMB2 connections.
-
-	      Unless the client requires signing which would result in
-	      signing being used on the SMB2 connection, sensitive
-	      data might have been modified by an attacker.
-
-	      Clients connecting to IPC$ on an AD DC will require
-	      signed connections being used, so the integrity of these
-	      connections was not affected.
+	      signing is mandatory. SMB2 packet signing is a
+	      mechanism that ensures the integrity and authenticity of
+	      data exchanged between a client and a server using the
+	      SMB2 protocol. It provides protection against certain
+	      types of attacks, such as man-in-the-middle attacks,
+	      where an attacker intercepts network traffic and
+	      modifies the SMB2 messages. Both client and server of
+	      an SMB2 connection can require that signing is being
+	      used. The server-side setting in Samba to configure
+	      signing to be required is "server signing = required".
+	      Note that on an Samba AD DCs this is also the default
+	      for all SMB2 connections. Unless the client requires
+	      signing which would result in signing being used on the
+	      SMB2 connection, sensitive data might have been modified
+	      by an attacker. Clients connecting to IPC$ on an AD DC
+	      will require signed connections being used, so the
+	      integrity of these connections was not affected.
 	    </dd>
 	  </dl>
 	</blockquote>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202309290932.38T9Wbta084272>