Security Vulnerability - Action Required: some unpatched vulnerabilities are detected in your repo #353

Open
Crispy-fried-chicken opened this issue Feb 4, 2024 · 1 comment


Crispy-fried-chicken commented Feb 4, 2024

Hi,
I've noticed that someone warned that there are some vulnerabilities in this repo, and we have scanned your repo with our self-developed tool, which mainly uses static analysis methods and has a high detection accuracy on our dataset. We have also received positive feedback from other projects before.
Here are the details:

  1. nextitem and netclear functions from libexec/telnetd/utility.c, which share similarity with CVE-2020-10188 and the patch is freebsd/freebsd-src@5760cb2
  2. xprt_set_caller function from tests/fs/nfs/nfsservice/rpcbind/rpcb_svc_com.c, which shares similarity with CVE-2015-7236 and the patch is freebsd/freebsd-src@066c492
  3. lookup_bytestring and linkaddr_string functions from external/bsd/tcpdump/dist/addrtoname.c, which share similarity with CVE-2017-12894 and the patch is the-tcpdump-group/tcpdump@730fc35
  4. atm_if_print and juniper_mlfr_print functions from external/bsd/tcpdump/dist/print-juniper.c, which share similarity with CVE-2017-12897 and the patch is the-tcpdump-group/tcpdump@1dcd10a
  5. parserep function from external/bsd/tcpdump/dist/print-nfs.c, which shares similarity with CVE-2017-12898 and the patch is the-tcpdump-group/tcpdump@19d25dd
  6. juniper_parse_header function from external/bsd/tcpdump/dist/print-juniper.c, which shares similarity with CVE-2017-12993 and the patch is the-tcpdump-group/tcpdump@b534e30
  7. beep_print from external/bsd/tcpdump/dist/print-beep.c, which shares similarity with CVE-2017-13010 and the patch is the-tcpdump-group/tcpdump@877b66b
  8. arp_print function from external/bsd/tcpdump/dist/print-arp.c, which shares similarity with CVE-2017-13013 and the patch is the-tcpdump-group/tcpdump@13ab8d1
  9. ip_printroute and ip_optprint from external/bsd/tcpdump/dist/print-ip.c, which share similarity with CVE-2017-13022 and the patch is the-tcpdump-group/tcpdump@eee0b04
  10. pimv1_join_prune_print, cisco_autorp_print, pim_print, pimv2_addr_print and pimv2_print functions from external/bsd/tcpdump/dist/print-pim.c, which share similarity with CVE-2017-13030 and the patch is the-tcpdump-group/tcpdump@5dc1860
  11. ip_printts and ip_optprint functions from external/bsd/tcpdump/dist/print-ip.c, which share similarity with CVE-2017-13037 and the patch is the-tcpdump-group/tcpdump@2c2cfbd
  12. mp_capable_print, mp_join_print, mp_dss_print and mp_dss_len functions from external/bsd/tcpdump/dist/print-mptcp.c, which share similarity with CVE-2017-13040 and the patch is the-tcpdump-group/tcpdump@4c3aee4
  13. arp_print function from external/bsd/tcpdump/dist/print-arp.c, which shares similarity with CVE-2016-7923 and the patch is the-tcpdump-group/tcpdump@64f6392
  14. udp_print function from external/bsd/tcpdump/dist/print-udp.c, which shares similarity with CVE-2016-7934 and the patch is the-tcpdump-group/tcpdump@cb922d0
  15. gre_print_0, gre_sre_print, gre_sre_ip_print, gre_sre_asn_print and gre_print_1 from external/bsd/tcpdump/dist/print-gre.c, which share similarity with CVE-2016-7939 and the patch is the-tcpdump-group/tcpdump@237efcf
  16. stp_print_config_bpdu, stp_print_mstp_bpdu and stp_print_spb_bpdu from external/bsd/tcpdump/dist/print-stp.c, which share similarity with CVE-2016-7940 and the patch is the-tcpdump-group/tcpdump@968776f
  17. bootp_print and tftp_print functions from external/bsd/tcpdump/dist/print-bootp.c and external/bsd/tcpdump/dist/print-tftp.c respectively, which share similarity with CVE-2016-7983 and the patch is the-tcpdump-group/tcpdump@7bf069c
  18. atm_print from external/bsd/tcpdump/dist/print-atm.c, which shares similarity with CVE-2017-5484 and the patch is the-tcpdump-group/tcpdump@5d214e3
  19. CMS_decrypt, pkcs7_decrypt_rinfo and PKCS7_dataDecode functions from crypto/external/bsd/openssl/dist/crypto/cms/cms_smime.c and crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c respectively, which share similarity with CVE-2019-1563 and the patch is openbsd/src@0ae7bae
  20. rsa_pss_decode function from crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ameth.c, which shares similarity with CVE-2015-3194 and the patch is openbsd/src@b979545
  21. asn1_template_noexp_d2i and ASN1_item_ex_d2i functions from crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c, which share similarity with CVE-2015-3195 and the patch is openbsd/src@5280233
  22. _dopr, fmtstr, fmtint, fmtfp and doapr_outch functions from external/bsd/openssl/dist/crypto/bio/b_print.c, which share similarity with CVE-2016-0799 and the patch is openssl/openssl@9cb1773
  23. BN_hex2bn and BN_dec2bn functions from crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c, which share similarity with CVE-2016-0797 and the patch is openssl/openssl@99ba9fd
  24. stp_print_mstp_bpdu and stp_print functions from external/bsd/tcpdump/dist/print-stp.c, which share similarity with CVE-2017-11108 and the patch is the-tcpdump-group/tcpdump@d9e65de
  25. asn1_template_ex_d2i and asn1_template_noexp_d2i functions from crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c, which share similarity with CVE-2018-0739 and the patch is openssl/openssl@4cabbb9
  26. aesni_cbc_hmac_sha1_cipher function from crypto/external/bsd/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c, which shares similarity with CVE-2016-2107 and the patch is openssl/openssl@70428ea
  27. MakeFilename function from external/bsd/tcpdump/dist/tcpdump.c, which shares similarity with CVE-2023-1801 and the patch is the-tcpdump-group/tcpdump@03c037b
  28. krb5_pac_parse function from crypto/external/bsd/heimdal/dist/lib/krb5/pac.c, which shares similarity with CVE-2022-42898 and the patch is krb5/krb5@ea92d2f

We have preliminarily verified the correctness of the above list through static analysis. Could you help to check if these bugs are true? If they're true, please try to fix them. The root cause of all of the vulnerabilities is that you use the old version of FreeBSD, so maybe you should try to update this submodule. Thank you for your effort and patience!


petershh commented Feb 4, 2024

Hello,

  1. You can keep all related issues in a single issue rather than creating multiple issues;
  2. Minix does not use any FreeBSD code, and there are no submodules. Please fix your tool;
  3. As I said in the issue you have mentioned: in-tree software is heavily outdated; the pkgsrc version used by Minix is heavily outdated; Minix itself needs a lot of effort to become more secure and to allow software upgrades. As of now, Minix should be considered insecure for production usage. Fixing the vulnerabilities you have outlined will change nothing.

If you want to contribute to Minix in a more meaningful way, please take a look at a list stux has put together: https://groups.google.com/g/minix3/c/nUG1NwxXXkg
