FreeBSD -- Multiple portsnap vulnerabilities
Flaws in portsnap's verification of downloaded tar files
allows additional files to be included without causing the
verification to fail. Portsnap may then use or execute these
An attacker who can conduct man in the middle attack on
the network at the time when portsnap is run can cause
portsnap to execute arbitrary commands under the credentials
of the user who runs portsnap, typically root.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright