portaudit

[exile]

Just finished installing this port, ran it and wham shows up on itself.
Thought it was quite funny and I'd share.

===>   Registering installation for portaudit-0.5.17
===>  Cleaning for portaudit-0.5.17
root@Freedom[/usr/ports/ports-mgmt/portaudit]
[14]: /usr/local/sbin/portaudit -Fda
auditfile.tbz                                 100% of   77 kB  104 kBps
New database installed.
Database created: Sun Jun  3 14:00:04 PDT 2012
Affected package: libxml2-2.7.8_1
Type of problem: libxml2 -- An off-by-one out-of-bounds write by XPointer.
Reference: [url]http://portaudit.FreeBSD.org/b8ae4659-a0da-11e1-a294-bcaec565249c.html[/url]

Affected package: portaudit-0.5.17
Type of problem: portaudit -- auditfile remote code execution.
Reference: [url]http://portaudit.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html[/url]

 

[DutchDaemon]

The funny thing is that you haven't updated your ports tree and are installing an old, vulnerable version as a consequence. The current version of portaudit is portaudit-0.6.0 and libxml is at libxml2-2.7.8_3.

 

[exile]

Not outdated enough to know it was vulnerable.

 

[funky]

not outdated enough to know it was vulnerable

portaudit simply parses the auditfile.tbz and extracts the entries important for your system by looking at currently installed package versions. So the version of portaudit does not matter for this task, though it matters for its own vulnerabilities .

 

[Deleted member 30996]

Not outdated enough to know it was vulnerable.

Revision 1.30: download - view: text, markup, annotated - select for diffs
Sun Mar 11 21:32:57 2012 UTC (2 months, 3 weeks ago) by simon
Branches: MAIN
CVS tags: RELEASE_8_3_0, HEAD
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +2 -1 lines

Portaudit 0.6.0:

Fix remote code execution which can occur with a specially crafted
audit file. The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.

Get out much?