Commit 815478b

laffer1 and claude committed
Add historical advisories for 2007-2019
Backfill 108 advisories (MNBSD-2007-* through MNBSD-2019-*) from the website release-note blockquotes, mapped to FreeBSD security advisories / errata notices and CVEs and pinned to MidnightBSD release versions via git tags. Completes the historical advisory backfill down to the project's first releases in 2007.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1 parent ee3f6bf commit 815478b

108 files changed

Lines changed: 2485 additions & 0 deletions

Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
id: MNBSD-2007-0
2+
summary: Symlink attack in the jail rc.d startup system
3+
details: |
4+
A symlink exploit was found in the MidnightBSD jail system: the jail rc.d script did not verify pathnames when writing files, allowing a symlink attack that could overwrite host files or escape the jail. A fix was made available and users were advised to update /etc/rc.d/jail from cvs; formal patches were deferred until the first release. This corresponds to FreeBSD-SA-07:01.jail.
5+
affected:
6+
- package:
7+
name: jail
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.1.0"
14+
references:
15+
- type: WEB
16+
url: https://www.freebsd.org/security/advisories/FreeBSD-SA-07:01.jail.asc
17+
- type: WEB
18+
url: https://www.cve.org/CVERecord?id=CVE-2007-0166
19+
aliases:
20+
- CVE-2007-0166
21+
modified: "2007-01-23T12:00:00Z"
22+
published: "2007-01-23T12:00:00Z"
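
Review bot: the range `introduced: "0"` / `fixed: "0.1.0"` sits oddly with the details text, which says the fix was a cvs update to /etc/rc.d/jail and that formal patches were deferred until the first release. If 0.1.0 is that first release, no tagged release falls inside the range and the record only describes pre-release cvs checkouts. Say so in `details`, or confirm against the git tags that a released version actually shipped the unfixed script.
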
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
id: MNBSD-2007-1
2+
summary: IPv6 Type 0 routing headers allow traffic amplification
3+
details: |
4+
IPv6 Type 0 routing headers (RH0) could cause packets to traverse the same link multiple times, enabling network amplification and denial-of-service attacks. The patch (which ignores RH0 by default) was applied to CURRENT and STABLE. This corresponds to FreeBSD-SA-07:03.ipv6.
5+
affected:
6+
- package:
7+
name: kernel
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.2"
14+
references:
15+
- type: WEB
16+
url: https://www.freebsd.org/security/advisories/FreeBSD-SA-07:03.ipv6.asc
17+
- type: WEB
18+
url: https://www.cve.org/CVERecord?id=CVE-2007-2242
19+
aliases:
20+
- CVE-2007-2242
21+
modified: "2007-05-02T12:00:00Z"
22+
published: "2007-05-02T12:00:00Z"
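
Review bot: `modified` carries the same 2007 value as `published` (with a 12:00:00Z placeholder time), although this record is first created by this backfill. Consumers that sync incrementally on `modified` will see a record older than their last sync and may never pick it up. Consider keeping the historical date in `published` and setting `modified` to the time the file was actually written; the same applies to the other records shown here.
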
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
id: MNBSD-2007-2
2+
summary: BIND predictable DNS query IDs enabling cache poisoning, fixed in 9.3.4p1
3+
details: |
4+
BIND was patched (equivalent to 9.3.4p1) to fix a weakness in the generation of DNS query IDs that made them predictable, enabling DNS cache poisoning/spoofing. The fix was applied to the 0.2 and 0.1 branches. This corresponds to FreeBSD-SA-07:07.bind (CVE-2007-2926); the related BIND ACL default issue CVE-2007-2925 was also addressed in 9.3.4p1.
5+
affected:
6+
- package:
7+
name: bind
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.2"
14+
references:
15+
- type: WEB
16+
url: https://www.freebsd.org/security/advisories/FreeBSD-SA-07:07.bind.asc
17+
- type: WEB
18+
url: https://www.cve.org/CVERecord?id=CVE-2007-2926
19+
- type: WEB
20+
url: https://www.cve.org/CVERecord?id=CVE-2007-2925
21+
aliases:
22+
- CVE-2007-2926
23+
- CVE-2007-2925
24+
modified: "2007-08-01T12:00:00Z"
25+
published: "2007-08-01T12:00:00Z"
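
Review bot: the details say the fix was applied to both the 0.2 and 0.1 branches, but `events` carries a single `fixed: "0.2"` after `introduced: "0"`, so any 0.1-branch release that includes the backported fix still matches as affected. If a patched 0.1.x tag exists, record it in the range; if none was cut, say so in `details`. MNBSD-2007-3 uses the same wording with the same single event.
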
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
id: MNBSD-2007-3
2+
summary: tcpdump BGP dissector buffer overflow
3+
details: |
4+
tcpdump was patched for a security issue in the BGP dissector (print-bgp.c), where an unchecked value could lead to a buffer overflow and potential denial of service or code execution when decoding malicious traffic. The fix was applied to the 0.2 and 0.1 branches. This corresponds to FreeBSD-SA-07:06.tcpdump.
5+
affected:
6+
- package:
7+
name: tcpdump
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.2"
14+
references:
15+
- type: WEB
16+
url: https://www.freebsd.org/security/advisories/FreeBSD-SA-07:06.tcpdump.asc
17+
- type: WEB
18+
url: https://www.cve.org/CVERecord?id=CVE-2007-3798
19+
aliases:
20+
- CVE-2007-3798
21+
modified: "2007-08-01T12:00:00Z"
22+
published: "2007-08-01T12:00:00Z"
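
Review bot: under `references`, the FreeBSD-SA-07:06.tcpdump.asc URL is typed `WEB`. If these files are meant to follow the OSV schema, which the field layout suggests, `ADVISORY` is the more specific type for an upstream security advisory and lets consumers tell the authoritative source apart from the CVE record link. The same typing is used for the FreeBSD-SA links in the other hunks shown.
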
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
id: MNBSD-2008-0
2+
summary: sendfile does not check file access permissions, exposing write-only files
3+
details: |
4+
The sendfile(2) system call did not properly check file access permissions before serving data, allowing a file marked write-only to be served to a client. sendfile is used by many daemons including Apache httpd. A patch to correct the issue was added to CURRENT. This corresponds to FreeBSD-SA-08:03.sendfile.
5+
affected:
6+
- package:
7+
name: kernel
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.3"
14+
references:
15+
- type: WEB
16+
url: https://www.freebsd.org/security/advisories/FreeBSD-SA-08:03.sendfile.asc
17+
- type: WEB
18+
url: https://www.cve.org/CVERecord?id=CVE-2008-0777
19+
aliases:
20+
- CVE-2008-0777
21+
modified: "2008-02-15T12:00:00Z"
22+
published: "2008-02-15T12:00:00Z"
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
id: MNBSD-2008-1
2+
summary: Integer overflow in libc strfmon
3+
details: |
4+
A security issue was found with strfmon(3) in libc: multiple integer overflows could be triggered when processing format strings, potentially leading to memory corruption. The issue was fixed in CURRENT. No dedicated FreeBSD Security Advisory was issued for strfmon.
5+
affected:
6+
- package:
7+
name: libc
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.3"
14+
references:
15+
- type: WEB
16+
url: https://www.cve.org/CVERecord?id=CVE-2008-1391
17+
aliases:
18+
- CVE-2008-1391
19+
modified: "2008-04-03T12:00:00Z"
20+
published: "2008-04-03T12:00:00Z"
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
id: MNBSD-2008-10
2+
summary: arc4random insufficient entropy at system startup
3+
details: |
4+
The arc4random(9) random number framework did not obtain enough entropy at boot, so system services relying on it received predictable random numbers; GEOM classes initialized at startup remained affected. Users were advised to update to RELENG_0_2 (MidnightBSD 0.2.1-p3). This corresponds to FreeBSD-SA-08:11.arc4random.
5+
affected:
6+
- package:
7+
name: kernel
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.2.1p3"
14+
references:
15+
- type: WEB
16+
url: https://www.freebsd.org/security/advisories/FreeBSD-SA-08:11.arc4random.asc
17+
- type: WEB
18+
url: https://www.cve.org/CVERecord?id=CVE-2008-5162
19+
aliases:
20+
- CVE-2008-5162
21+
modified: "2008-11-24T12:00:00Z"
22+
published: "2008-11-24T12:00:00Z"
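
Review bot: `fixed: "0.2.1p3"` does not match the spelling in the details text, which names the release as 0.2.1-p3. With `type: ECOSYSTEM` the comparison rules are whatever the MidnightBSD ecosystem defines, so the patch-level form needs to be written one way throughout and documented to sort after plain 0.2.1. Otherwise a tool may fail to parse 0.2.1p3 or order it incorrectly.
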
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
id: MNBSD-2008-11
2+
summary: Insufficiently initialized bluetooth and netgraph network protocol handlers
3+
details: |
4+
Bluetooth and netgraph socket protocol handlers were not initialized properly, leaving function pointers uninitialized. A local user could exploit this to cause a denial of service or potentially execute arbitrary code with kernel privileges. The fix was available in RELENG_0_2, RELENG_0_1, and current. This corresponds to FreeBSD-SA-08:13.protosw.
5+
affected:
6+
- package:
7+
name: kernel
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.2.1"
14+
references:
15+
- type: WEB
16+
url: https://www.freebsd.org/security/advisories/FreeBSD-SA-08:13.protosw.asc
17+
- type: WEB
18+
url: https://www.cve.org/CVERecord?id=CVE-2008-5736
19+
aliases:
20+
- CVE-2008-5736
21+
modified: "2008-12-31T12:00:00Z"
22+
published: "2008-12-31T12:00:00Z"
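
Review bot: `fixed: "0.2.1"` looks too early for an advisory published 2008-12-31, given that MNBSD-2008-10, published 2008-11-24, is pinned to 0.2.1p3. A fix that landed a month later should not resolve to a lower version; check the RELENG_0_2 tags for the patch level that actually contains the protosw change. The details also name RELENG_0_1, which the range does not represent.
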
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
id: MNBSD-2008-2
2+
summary: bzip2 buffer over-read fixed by updating to 1.0.5
3+
details: |
4+
bzip2 was updated to 1.0.5 in CURRENT to correct a security issue, a buffer over-read in bzlib that could cause a crash (denial of service) via a crafted compressed file. No dedicated FreeBSD Security Advisory was issued; it was handled as a contrib update.
5+
affected:
6+
- package:
7+
name: bzip2
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.3"
14+
references:
15+
- type: WEB
16+
url: https://www.cve.org/CVERecord?id=CVE-2008-1372
17+
aliases:
18+
- CVE-2008-1372
19+
modified: "2008-04-06T12:00:00Z"
20+
published: "2008-04-06T12:00:00Z"
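
Review bot: `name: bzip2` is paired with `fixed: "0.3"`, which is a MidnightBSD release number, while the summary gives the fix as bzip2 1.0.5. A scanner that matches on the package name and compares an installed bzip2 1.0.x against 0.3 will conclude it is already fixed. Either document that versions in this ecosystem always mean the OS release regardless of the component named, or name the package so it cannot be confused with the upstream project's version line.
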
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
id: MNBSD-2008-3
2+
summary: Security issue in mksh fixed by updating to r33d
3+
details: |
4+
A security issue was reported in mksh (referenced by Secunia advisory 29803), affecting only CURRENT users. The software was updated to r33d. No CVE could be confidently identified for this issue.
5+
affected:
6+
- package:
7+
name: mksh
8+
ecosystem: MidnightBSD
9+
ranges:
10+
- type: ECOSYSTEM
11+
events:
12+
- introduced: "0"
13+
- fixed: "0.3"
14+
references:
15+
- type: WEB
16+
url: https://www.midnightbsd.org/security/
17+
modified: "2008-04-17T12:00:00Z"
18+
published: "2008-04-17T12:00:00Z"
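
Review bot: the details say the issue affected only CURRENT users, yet the range is `introduced: "0"` / `fixed: "0.3"`, which marks every release before 0.3 as affected. If no release shipped the vulnerable mksh, narrow or annotate the range. The only reference is the generic https://www.midnightbsd.org/security/ page and there is no `aliases` entry; since the text cites Secunia advisory 29803, carry that identifier in a reference so the record can be traced to its source.
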
