MidnightBSD

Advisories for cipherdyne

CVE-2012-4435 MEDIUM

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cipherdyne fwknop 2.0.1
cipherdyne fwknop *
cipherdyne fwknop 2.0
CVE-2012-4436 MEDIUM

Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
cipherdyne fwknop 2.0.1
cipherdyne fwknop *
cipherdyne fwknop 2.0
CVE-2014-0039 MEDIUM

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cipherdyne fwsnort 0.5
cipherdyne fwsnort 0.9.0
cipherdyne fwsnort 0.8.1
cipherdyne fwsnort 1.0.2
cipherdyne fwsnort 0.6.2
cipherdyne fwsnort 1.6.2
cipherdyne fwsnort 1.0
cipherdyne fwsnort 0.6.4
cipherdyne fwsnort 1.0.1
cipherdyne fwsnort 0.8.0
cipherdyne fwsnort 1.6
cipherdyne fwsnort 1.5
cipherdyne fwsnort 0.7.0
cipherdyne fwsnort 1.0.5
cipherdyne fwsnort *
cipherdyne fwsnort 1.0.6
cipherdyne fwsnort 1.6.1
cipherdyne fwsnort 0.6.3
cipherdyne fwsnort 0.6.1
cipherdyne fwsnort 1.0.4
cipherdyne fwsnort 0.8.2
cipherdyne fwsnort 0.6
cipherdyne fwsnort 1.0.3
cipherdyne fwsnort 0.6.5
cipherdyne fwsnort 1.6.3