From dz@426.ch  Fri Jun 10 08:33:25 2005
Return-Path: <dz@426.ch>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9B61416A41C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 10 Jun 2005 08:33:25 +0000 (GMT)
	(envelope-from dz@426.ch)
Received: from smtp1.netcologne.de (smtp1.netcologne.de [194.8.194.112])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5072143D1D
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 10 Jun 2005 08:33:24 +0000 (GMT)
	(envelope-from dz@426.ch)
Received: from trevize.426.ch (xdsl-213-196-253-152.netcologne.de [213.196.253.152])
	by smtp1.netcologne.de (Postfix) with ESMTP id 6AE8C39301
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 10 Jun 2005 10:33:22 +0200 (MEST)
Received: by trevize.a.426.ch (Postfix, from userid 1000)
	id D930067B82; Fri, 10 Jun 2005 10:33:19 +0200 (CEST)
Message-Id: <20050610083319.D930067B82@trevize.a.426.ch>
Date: Fri, 10 Jun 2005 10:33:19 +0200 (CEST)
From: Derik van Zuetphen <dz@426.ch>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: security vulerability in sysutils/nwclient(602)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         82101
>Category:       ports
>Synopsis:       security vulerability in sysutils/nwclient(602)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    niels
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 10 08:40:15 GMT 2005
>Closed-Date:    Mon Jul 18 13:04:19 GMT 2005
>Last-Modified:  Mon Jul 18 13:04:19 GMT 2005
>Originator:     Derik van Zuetphen
>Release:        FreeBSD 5.4-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD trevize.a.426.ch 5.4-RELEASE-p1 FreeBSD 5.4-RELEASE-p1 #15: Mon May 30 14:32:58 CEST 2005 root@trevize.a.426.ch:/usr/obj/usr/src/sys/TREVIZE i386


>Description:
	sysutils/nwclient602 and sysutils/nwclient have multiple security 
	vulnerabilities according to
		http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=4666

	this should either be updated or mentioned in the VuXML database.



>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->	 niels  
Responsible-Changed-By: niels 
Responsible-Changed-When: Wed Jun 15 07:23:29 GMT 2005 
Responsible-Changed-Why:  
Thanks, I'll look into this. 

The first problem I already ran into is that recent versions 
of this software don't seem to be freely available anymore. In 
fact, after filling in an evaluation form I didn't get the expected 
download link, I got the following: 

### START 
A sales representative will contact you shortly with download 
instructions for your primary request, as well as any additional 
products you would like to evaluate. 
### STOP 

I'll keep you posted. 

Niels 




http://www.freebsd.org/cgi/query-pr.cgi?pr=82101 

From: Derik van Zuetphen <dz@426.ch>
To: bug-followup@FreeBSD.org, niels@FreeBSD.org
Cc:  
Subject: Re: ports/82101: security vulerability in sysutils/nwclient(602)
Date: Thu, 16 Jun 2005 18:20:34 +0200

 Hi Niels,
 
 as far as I see, the FreeBSD version was made be a company named Feral
 (http://www.feral.com), which does not exist anymore.
 
 But you can download the Linux version from
 http://www.legato.com/support/websupport/patches_updates/networker.htm
 
 Unfortunately, it doesn't work. The Networker savefs binary produces
 no result, when it is called by the server with argument "-p".
 
 Unless nobody can make the Linux version work, I don't see the
 possibility of an update. 
 
 But the two nwclient ports should still be marked as vulnerable.
 
 
 -Derik.
 
State-Changed-From-To: open->	 closed 
State-Changed-By: niels 
State-Changed-When: Mon Jul 18 13:02:57 GMT 2005 
State-Changed-Why:  


VuXMLwas comitted last week. In addition the ports have been makred forbidden. 

Tnx! 

Niels 


http://www.freebsd.org/cgi/query-pr.cgi?pr=82101 
>Unformatted:
