Date: Sat, 28 Oct 2000 00:46:08 +0200
From: Roman Shterenzon
To: nectar@freebsd.org, ports@freebsd.org, jwise@pathwaynet.com
Subject: Remote buffer overflow in gnomeicu 0.93
Message-ID: <20001028004608.A61058@alchemy.oven.org>

Hi,

Yesterday, running sockstat, I noticed that openicu listens on TCP port 4000.
I was curious, so I fed it some zeroes from /dev/zero, and it crashed
like a charm. I'm suspecting a buffer overflow which may allow an intruder to
receive a shell on the victim's machine.

Looking at the code suggests that the port can be chosen from the 4000-4100 range.

I believe it needs to be checked and the port marked as FORBIDDEN meanwhile.

Sorry if it's a false alarm.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]