From root@fenrir.codigo23.lab Mon May 14 03:22:20 2012 Return-Path: Received: from fenrir.codigo23.lab (localhost [127.0.0.1]) by fenrir.codigo23.lab (8.14.5/8.14.5) with ESMTP id q4D1MNxD038292 for ; Sun, 13 May 2012 03:22:23 +0200 (CEST) (envelope-from root@fenrir.codigo23.lab) Received: (from root@localhost) by fenrir.codigo23.lab (8.14.5/8.14.5/Submit) id q4D1MNLp038270 for root; Sun, 13 May 2012 03:22:23 +0200 (CEST) (envelope-from root) Date: Sun, 13 May 2012 03:22:23 +0200 (CEST) From: Charlie Root Message-Id: <201205130122.q4D1MNLp038270@fenrir.codigo23.lab> To: root@fenrir.codigo23.lab Subject: fenrir.codigo23.lab security run output Checking setuid files and devices: Checking for uids of 0: root 0 toor 0 Checking for passwordless accounts: Checking login.conf permissions: Checking for ports with mismatched checksums: fenrir.codigo23.lab kernel log messages: +++ /tmp/security.94lpgJ1k 2012-05-13 03:22:14.000000000 +0200 +Accounting disabled +Accounting enabled +Accounting disabled +Accounting enabled fenrir.codigo23.lab login failures: fenrir.codigo23.lab refused connections: Checking for a current audit database: Database created: Sat May 12 03:20:04 CEST 2012 Checking for packages with security vulnerabilities: Affected package: nvidia-driver-285.05.09 Type of problem: NVIDIA UNIX driver -- access to arbitrary system memory. Reference: http://portaudit.FreeBSD.org/b91234e7-9a8b-11e1-b666-001636d274f3.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/94c0ac4f-9388-11e1-b242-00262d5ed8ee.html Affected package: firefox-8.0,1 Type of problem: mozilla -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/380e8c56-8e32-11e1-9580-4061862b8c22.html Affected package: png-1.4.8 Type of problem: png -- memory corruption/possible remote code execution. Reference: http://portaudit.FreeBSD.org/262b92fe-81c8-11e1-8899-001ec9578670.html Affected package: freetype2-2.4.7 Type of problem: freetype -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/462e2d6c-8017-11e1-a571-bcaec565249c.html Affected package: mutt-devel-1.5.21_3 Type of problem: mutt-devel -- failure to check SMTP TLS server certificate. Reference: http://portaudit.FreeBSD.org/49314321-7fd4-11e1-9582-001b2134ef46.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/057130e6-7f61-11e1-8a43-00262d5ed8ee.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/b8f0a391-7910-11e1-8a43-00262d5ed8ee.html Affected package: raptor2-2.0.4_1 Type of problem: raptor/raptor2 -- XXE in RDF/XML File Interpretation. Reference: http://portaudit.FreeBSD.org/60f81af3-7690-11e1-9423-00235a5f2c9a.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/330106da-7406-11e1-a1d7-00262d5ed8ee.html Affected package: libtasn1-2.11 Type of problem: libtasn1 -- ASN.1 length decoding vulnerability. Reference: http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html Affected package: gnutls-2.12.14 Type of problem: libtasn1 -- ASN.1 length decoding vulnerability. Reference: http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html Affected package: gnutls-2.12.14 Type of problem: gnutls -- possible overflow/Denial of service vulnerabilities. Reference: http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html Affected package: firefox-8.0,1 Type of problem: mozilla -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/a1050b8b-6db3-11e1-8b37-0011856a6e37.html Affected package: portaudit-0.5.17 Type of problem: portaudit -- auditfile remote code execution. Reference: http://portaudit.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- Errant plug-in load and GPU process memory corruption. Reference: http://portaudit.FreeBSD.org/ab1f515d-6b69-11e1-8288-00262d5ed8ee.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- cross-site scripting vulnerability. Reference: http://portaudit.FreeBSD.org/1015e1fe-69ce-11e1-8288-00262d5ed8ee.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/99aef698-66ed-11e1-8288-00262d5ed8ee.html Affected package: postgresql-client-8.4.10 Type of problem: databases/postgresql*-client -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/174b8864-6237-11e1-be18-14dae938ec40.html Affected package: libxml2-2.7.8_1 Type of problem: libxml2 -- heap buffer overflow. Reference: http://portaudit.FreeBSD.org/57f1a624-6197-11e1-b98c-bcaec565249c.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/2f5ff968-5829-11e1-8288-00262d5ed8ee.html Affected package: python24-2.4.5_8 Type of problem: Python -- DoS via malformed XML-RPC / HTTP POST request. Reference: http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/fe1976c2-5317-11e1-9e99-00262d5ed8ee.html Affected package: firefox-8.0,1 Type of problem: mozilla -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/0a9e2b72-4cb7-11e1-9146-14dae9ebcf89.html Affected package: sudo-1.8.3_1 Type of problem: sudo -- format string vulnerability. Reference: http://portaudit.FreeBSD.org/7c920bb7-4b5f-11e1-9f47-00e0815b8da8.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/33d73d59-4677-11e1-88cd-00262d5ed8ee.html Affected package: wireshark-1.6.2 Type of problem: Wireshark -- Multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/3ebb2dc8-4609-11e1-9f47-00e0815b8da8.html Affected package: ffmpeg-0.7.8,1 Type of problem: ffmpeg -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/ea2ddc49-3e8e-11e1-8095-5404a67eef98.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/1a1aef8e-3894-11e1-8b5c-00262d5ed8ee.html Affected package: firefox-8.0,1 Type of problem: mozilla -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/e3ff776b-2ba6-11e1-93c6-0011856a6e37.html Affected package: chromium-15.0.874.121 Type of problem: chromium -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/68ac6266-25c3-11e1-b63a-00262d5ed8ee.html Affected package: libXfont-1.4.4,1 Type of problem: libXfont -- possible local privilege escalation. Reference: http://portaudit.FreeBSD.org/304409c3-c3ef-11e0-8aa5-485d60cb5385.html 32 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately. -- End of security output --