Improve formatting

Also add plexmediaserver-plexpass package as vulnerable
svn path=/head/; revision=479532
2024-12-17 03:25:46 +00:00 · 2018-09-11 16:13:58 +00:00 · 2018-09-11 16:13:58 +00:00 · b650bfd4d4 · 2021-03-31 03:12:20 +00:00
commit b650bfd4d4
parent 6f6f767d3c
1 changed files with 10 additions and 9 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -63,6 +63,7 @@ Notes:
    <affects>
      <package>
 	<name>plexmediaserver</name>
+	<name>plexmediaserver-plexpass</name>
 	<range><lt>1.13.5.5332</lt></range>
      </package>
    </affects>
@ -71,17 +72,17 @@ Notes:
 	<p>Chris reports:</p>
 	<blockquote cite="https://seclists.org/fulldisclosure/2018/Aug/1">
 	  <p>The XML parsing engine for Plex Media Server's SSDP/UPNP
-	    functionality is vulnerable to an XML External Entity 
+	    functionality is vulnerable to an XML External Entity
 	    Processing (XXE) attack. Unauthenticated attackers on the same LAN can
 	    use this vulnerability to:</p>
-	  <li>
-	  <ul>Access arbitrary files from the filesystem with the same permission as
-	  the user account running Plex.</ul>
-	  <ul>Initiate SMB connections to capture NetNTLM challenge/response and
-	  crack to clear-text password.</ul>
-	  <ul>Initiate SMB connections to relay NetNTLM challenge/response and
-	  achieve Remote Command Execution in Windows domains.</ul>
-	  </li>
+	  <ul>
+	  <li>Access arbitrary files from the filesystem with the same permission as
+	  the user account running Plex.</li>
+	  <li>Initiate SMB connections to capture NetNTLM challenge/response and
+	  crack to clear-text password.</li>
+	  <li>Initiate SMB connections to relay NetNTLM challenge/response and
+	  achieve Remote Command Execution in Windows domains.</li>
+	  </ul>
 	</blockquote>
      </body>
    </description>