• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

CVE forum discussion categories?

Off-Topic & Non-Support Discussion
vulnerability
5
20
1.3k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rcoleman-netgate Netgate @JonathanLee
    last edited by May 17, 2023, 4:42 AM

    @jonathanlee Likely pfBlockerNG

    Ryan
    Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
    Requesting firmware for your Netgate device? https://go.netgate.com
    Switching: Mikrotik, Netgear, Extreme
    Wireless: Aruba, Ubiquiti

    J D 2 Replies Last reply May 17, 2023, 4:46 AM Reply Quote 1
    • J
      JonathanLee @rcoleman-netgate
      last edited by May 17, 2023, 4:46 AM

      @rcoleman-netgate I have Squidguard, squid, squidlite, cron, watchdog, snort, patches,

      login-to-view

      Make sure to upvote

      R 1 Reply Last reply May 17, 2023, 4:56 AM Reply Quote 0
      • D
        Dobby_ @rcoleman-netgate
        last edited by May 17, 2023, 4:54 AM

        @rcoleman-netgate
        On 23.05 RC
        pfBlockerNG_v3.2.0_5

        On 2.7 devel
        pfBlockerNG_v3.2.0_4

        @JonathanLee
        23.05 RC
        login-to-view
        2.7 Devel
        login-to-view

        #~. @Dobby

        Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
        PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
        PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

        J 1 Reply Last reply May 17, 2023, 4:56 AM Reply Quote 1
        • J
          JonathanLee @Dobby_
          last edited by May 17, 2023, 4:56 AM

          @dobby_ i noticed strongswan also shows as an issue for me. I am still running 23.01 the version before 23.05.

          Make sure to upvote

          D 1 Reply Last reply May 17, 2023, 5:03 AM Reply Quote 0
          • R
            rcoleman-netgate Netgate @JonathanLee
            last edited by May 17, 2023, 4:56 AM

            @jonathanlee said in CVE forum discussion categories?:

            @rcoleman-netgate I have Squidguard, squid, squidlite, cron, watchdog, snort, patches,

            I suspect curl() is required by System Patches. You can find dependencies from the System->Packages page.

            Ryan
            Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
            Requesting firmware for your Netgate device? https://go.netgate.com
            Switching: Mikrotik, Netgear, Extreme
            Wireless: Aruba, Ubiquiti

            1 Reply Last reply Reply Quote 1
            • D
              Dobby_ @JonathanLee
              last edited by Dobby_ May 17, 2023, 5:05 AM May 17, 2023, 5:03 AM

              @jonathanlee said in CVE forum discussion categories?:

              @dobby_ i noticed strongswan also shows as an issue for me. I am still running 23.01 the version before 23.05.

              Many patches were finding its way into the 23.05 and
              on top I think there will be more actual packages ad/or
              other version inside that will be not anymore affected
              by the vuln`s you were presenting.

              23.05 RC Strongswan

              [23.05-RC][root@xx xx xx]/root: pkg info strongswan
              strongswan-5.9.10_2
              Name           : strongswan
              Version        : 5.9.10_2
              Installed on   : Wed May 10 22:13:58 2023 CEST
              Origin         : security/strongswan
              Architecture   : FreeBSD:14:amd64
              Prefix         : /usr/local
              Categories     : security net-vpn
              Licenses       : GPLv2
              Maintainer     : strongswan@nanoteq.com
              WWW            : https://www.strongswan.org
              Comment        : Open Source IKEv2 IPsec-based VPN solution
              Options        :
                      BUILTIN        : off
                      CTR            : off
                      CURL           : on
                      EAPAKA3GPP2    : off
                      EAPDYNAMIC     : on
                      EAPRADIUS      : on
                      EAPSIMFILE     : on
                      FARP           : off
                      GCM            : on
                      IKEV1          : on
                      IPSECKEY       : on
                      KDF            : on
                      KERNELLIBIPSEC : off
                      LDAP           : off
                      LIBC           : off
                      LOADTESTER     : off
                      MEDIATION      : off
                      MYSQL          : off
                      PKCS11         : on
                      PKI            : on
                      PYTHON         : off
                      SCEP           : off
                      SMP            : off
                      SQLITE         : off
                      SWANCTL        : on
                      TESTVECTOR     : off
                      TPM            : off
                      TSS2           : off
                      UNBOUND        : on
                      UNITY          : on
                      VICI           : on
                      VSTR           : on
                      XAUTH          : on
              Shared Libs required:
                      libvstr-1.0.so.0
                      libunbound.so.8
                      libldns.so.3
                      libcurl.so.4
              Shared Libs provided:
                      libvici.so.0
                      libtls.so.0
                      libstrongswan.so.0
                      libstrongswan-xcbc.so
                      libstrongswan-xauth-pam.so
                      libstrongswan-xauth-generic.so
                      libstrongswan-xauth-eap.so
                      libstrongswan-x509.so
                      libstrongswan-whitelist.so
                      libstrongswan-vici.so
                      libstrongswan-updown.so
                      libstrongswan-unity.so
                      libstrongswan-unbound.so
                      libstrongswan-stroke.so
                      libstrongswan-sshkey.so
                      libstrongswan-socket-default.so
                      libstrongswan-sha2.so
                      libstrongswan-sha1.so
                      libstrongswan-revocation.so
                      libstrongswan-resolve.so
                      libstrongswan-rc2.so
                      libstrongswan-random.so
                      libstrongswan-pubkey.so
                      libstrongswan-pkcs8.so
                      libstrongswan-pkcs7.so
                      libstrongswan-pkcs12.so
                      libstrongswan-pkcs11.so
                      libstrongswan-pkcs1.so
                      libstrongswan-pgp.so
                      libstrongswan-pem.so
                      libstrongswan-openssl.so
                      libstrongswan-nonce.so
                      libstrongswan-md5.so
                      libstrongswan-md4.so
                      libstrongswan-kernel-pfroute.so
                      libstrongswan-kernel-pfkey.so
                      libstrongswan-kdf.so
                      libstrongswan-ipseckey.so
                      libstrongswan-hmac.so
                      libstrongswan-gcm.so
                      libstrongswan-fips-prf.so
                      libstrongswan-eap-ttls.so
                      libstrongswan-eap-tls.so
                      libstrongswan-eap-sim.so
                      libstrongswan-eap-sim-file.so
                      libstrongswan-eap-radius.so
                      libstrongswan-eap-peap.so
                      libstrongswan-eap-mschapv2.so
                      libstrongswan-eap-md5.so
                      libstrongswan-eap-identity.so
                      libstrongswan-eap-dynamic.so
                      libstrongswan-drbg.so
                      libstrongswan-dnskey.so
                      libstrongswan-des.so
                      libstrongswan-curve25519.so
                      libstrongswan-curl.so
                      libstrongswan-counters.so
                      libstrongswan-constraints.so
                      libstrongswan-cmac.so
                      libstrongswan-blowfish.so
                      libstrongswan-attr.so
                      libstrongswan-aes.so
                      libstrongswan-addrblock.so
                      libsimaka.so.0
                      libradius.so.0
                      libcharon.so.0
              Annotations    :
                      FreeBSD_version: 1400085
                      build_timestamp: 2023-05-04T17:08:03+0000
                      built_by       : poudriere-git-3.3.99.20220831
                      cpe            : cpe:2.3:a:strongswan:strongswan:5.9.10:::::freebsd14:x64:2
                      port_checkout_unclean: no
                      port_git_hash  : 78ba9de1f8df
                      ports_top_checkout_unclean: yes
                      ports_top_git_hash: e7f28213b661
                      repo_type      : binary
                      repository     : pfSense
              Flat size      : 3.24MiB
              Description    :
              Strongswan is an open source IPsec-based VPN solution.
              Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key
              exchange protocols.
              
              WWW: https://www.strongswan.org
              

              2.7 Strongswan

              [2.7.0-DEVELOPMENT][root@xx xx xx]/root: pkg info strongswan
              strongswan-5.9.10_2
              Name           : strongswan
              Version        : 5.9.10_2
              Installed on   : Mon May  8 21:38:18 2023 CEST
              Origin         : security/strongswan
              Architecture   : FreeBSD:14:amd64
              Prefix         : /usr/local
              Categories     : security net-vpn
              Licenses       : GPLv2
              Maintainer     : strongswan@nanoteq.com
              WWW            : https://www.strongswan.org
              Comment        : Open Source IKEv2 IPsec-based VPN solution
              Options        :
                      BUILTIN        : off
                      CTR            : off
                      CURL           : on
                      EAPAKA3GPP2    : off
                      EAPDYNAMIC     : on
                      EAPRADIUS      : on
                      EAPSIMFILE     : on
                      FARP           : off
                      GCM            : on
                      IKEV1          : on
                      IPSECKEY       : on
                      KDF            : on
                      KERNELLIBIPSEC : off
                      LDAP           : off
                      LIBC           : off
                      LOADTESTER     : off
                      MEDIATION      : off
                      MYSQL          : off
                      PKCS11         : on
                      PKI            : on
                      PYTHON         : off
                      SCEP           : off
                      SMP            : off
                      SQLITE         : off
                      SWANCTL        : on
                      TESTVECTOR     : off
                      TPM            : off
                      TSS2           : off
                      UNBOUND        : on
                      UNITY          : on
                      VICI           : on
                      VSTR           : on
                      XAUTH          : on
              Shared Libs required:
                      libvstr-1.0.so.0
                      libunbound.so.8
                      libldns.so.3
                      libcurl.so.4
              Shared Libs provided:
                      libvici.so.0
                      libtls.so.0
                      libstrongswan.so.0
                      libstrongswan-xcbc.so
                      libstrongswan-xauth-pam.so
                      libstrongswan-xauth-generic.so
                      libstrongswan-xauth-eap.so
                      libstrongswan-x509.so
                      libstrongswan-whitelist.so
                      libstrongswan-vici.so
                      libstrongswan-updown.so
                      libstrongswan-unity.so
                      libstrongswan-unbound.so
                      libstrongswan-stroke.so
                      libstrongswan-sshkey.so
                      libstrongswan-socket-default.so
                      libstrongswan-sha2.so
                      libstrongswan-sha1.so
                      libstrongswan-revocation.so
                      libstrongswan-resolve.so
                      libstrongswan-rc2.so
                      libstrongswan-random.so
                      libstrongswan-pubkey.so
                      libstrongswan-pkcs8.so
                      libstrongswan-pkcs7.so
                      libstrongswan-pkcs12.so
                      libstrongswan-pkcs11.so
                      libstrongswan-pkcs1.so
                      libstrongswan-pgp.so
                      libstrongswan-pem.so
                      libstrongswan-openssl.so
                      libstrongswan-nonce.so
                      libstrongswan-md5.so
                      libstrongswan-md4.so
                      libstrongswan-kernel-pfroute.so
                      libstrongswan-kernel-pfkey.so
                      libstrongswan-kdf.so
                      libstrongswan-ipseckey.so
                      libstrongswan-hmac.so
                      libstrongswan-gcm.so
                      libstrongswan-fips-prf.so
                      libstrongswan-eap-ttls.so
                      libstrongswan-eap-tls.so
                      libstrongswan-eap-sim.so
                      libstrongswan-eap-sim-file.so
                      libstrongswan-eap-radius.so
                      libstrongswan-eap-peap.so
                      libstrongswan-eap-mschapv2.so
                      libstrongswan-eap-md5.so
                      libstrongswan-eap-identity.so
                      libstrongswan-eap-dynamic.so
                      libstrongswan-drbg.so
                      libstrongswan-dnskey.so
                      libstrongswan-des.so
                      libstrongswan-curve25519.so
                      libstrongswan-curl.so
                      libstrongswan-counters.so
                      libstrongswan-constraints.so
                      libstrongswan-cmac.so
                      libstrongswan-blowfish.so
                      libstrongswan-attr.so
                      libstrongswan-aes.so
                      libstrongswan-addrblock.so
                      libsimaka.so.0
                      libradius.so.0
                      libcharon.so.0
              Annotations    :
                      FreeBSD_version: 1400085
                      build_timestamp: 2023-04-27T06:52:01+0000
                      built_by       : poudriere-git-3.3.99.20220831
                      cpe            : cpe:2.3:a:strongswan:strongswan:5.9.10:::::freebsd14:x64:2
                      port_checkout_unclean: no
                      port_git_hash  : 78ba9de1f8df
                      ports_top_checkout_unclean: yes
                      ports_top_git_hash: 78ba9de1f8df
                      repo_type      : binary
                      repository     : pfSense
              Flat size      : 3.24MiB
              Description    :
              Strongswan is an open source IPsec-based VPN solution.
              Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key
              exchange protocols.
              
              WWW: https://www.strongswan.org
              

              #~. @Dobby

              Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
              PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
              PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

              1 Reply Last reply Reply Quote 1
              • J
                JonathanLee @Dobby_
                last edited by May 17, 2023, 7:07 PM

                @dobby_ how did you update curl?

                login-to-view

                Make sure to upvote

                D 1 Reply Last reply May 17, 2023, 7:14 PM Reply Quote 0
                • D
                  Dobby_ @JonathanLee
                  last edited by May 17, 2023, 7:14 PM

                  @jonathanlee said in CVE forum discussion categories?:

                  @dobby_ how did you update curl?

                  I never did that! I was only installing 23.05 RC and on the
                  other hardware 2.7 Devel, both are amd64 (x86_64), so
                  I don´t know in real but I am imagine that in the newer
                  versions are also newer packets (pkg`s) installed or the
                  last available versions of some packets, modules and so
                  on and so on.

                  #~. @Dobby

                  Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
                  PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
                  PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

                  1 Reply Last reply Reply Quote 1
                  • M
                    mer
                    last edited by May 18, 2023, 11:23 AM

                    pkg info -r curl should tell you what packages are depending on the curl package

                    J 1 Reply Last reply May 22, 2023, 10:38 PM Reply Quote 2
                    • J
                      JonathanLee @mer
                      last edited by May 22, 2023, 10:38 PM

                      @mer

                      login-to-view

                      After the update to 23.05

                      login-to-view

                      It is like I have two different versions installed.

                      Make sure to upvote

                      D 1 Reply Last reply May 23, 2023, 12:05 AM Reply Quote 0
                      • D
                        Dobby_ @JonathanLee
                        last edited by May 23, 2023, 12:05 AM

                        @jonathanlee

                        This time I have one more then you!
                        login-to-view

                        #~. @Dobby

                        Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
                        PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
                        PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

                        J 1 Reply Last reply May 23, 2023, 2:27 AM Reply Quote 0
                        • J
                          JonathanLee @Dobby_
                          last edited by May 23, 2023, 2:27 AM

                          @dobby_ I wonder how we can fix curl issues

                          Make sure to upvote

                          D 1 Reply Last reply May 23, 2023, 4:42 AM Reply Quote 0
                          • D
                            Dobby_ @JonathanLee
                            last edited by Dobby_ May 23, 2023, 7:59 AM May 23, 2023, 4:42 AM

                            @jonathanlee said in CVE forum discussion categories?:

                            @dobby_ I wonder how we can fix curl issues

                            Before it wasn`t marked as vuln. and now it is also shown
                            in the newer version, perhaps they found the problems
                            in the last days/hours and before it was not known.

                            As an example and compared to the 2.7 Devel version
                            (latest) you may able to see what we can await from
                            the real 2.7 Release.

                            login-to-view

                            #~. @Dobby

                            Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
                            PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
                            PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

                            1 Reply Last reply Reply Quote 0
                            • J
                              jimp Rebel Alliance Developer Netgate
                              last edited by May 23, 2023, 12:57 PM

                              More often than not even if something is marked as a problem in cURL, the actual bug does not affect how cURL is used in pfSense software.

                              Many of these bugs end up being about connecting to random/arbitrary malicious servers or using options/features/functions that never get enabled on pfSense, and so on.

                              So it's not enough to see that something is flagged as being potentially vulnerable you also have to know if that vulnerable use case applies to cURL in this type of environment.

                              Usually if something is worth worrying about we'll bump the package even for older releases and then people can upgrade it manually from the shell, but sometimes that isn't feasible.

                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              1 Reply Last reply Reply Quote 3
                              • J
                                JonathanLee
                                last edited by May 23, 2023, 2:24 PM

                                I got rid of some multiples in CURL and Strongswan by installing and uninstalling the package NUT again. NUT had some left over files from the last pfSense version.

                                login-to-view

                                Make sure to upvote

                                1 Reply Last reply Reply Quote 1
                                15 out of 20
                                • First post
                                  15/20
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.