From owner-freebsd-security Sun Oct 29 10: 0:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 7294C37B479; Sun, 29 Oct 2000 10:00:38 -0800 (PST) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13pwkz-0000Y2-00; Sun, 29 Oct 2000 20:00:33 +0200 Date: Sun, 29 Oct 2000 20:00:32 +0200 (IST) From: Roman Shterenzon To: Jeremy Norris Cc: ports@FreeBSD.ORG, security@freebsd.org Subject: Re: Remote buffer overflow in gnomeicu 0.93 In-Reply-To: <20001029072540.A89648@babylon.merseine.nu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 29 Oct 2000, Jeremy Norris wrote: > Gnomeicu doesn't run with any privelege however, unless one is foolish enough > to run it as root. At worse, a deviant person could crash it and gain access as > an unprivleged user. Is thate enough to make a port FORBIDDEN? It's a serious security breach, like giving someone to login as you without a password. That's exactly the same. Seems like a very serious problem to me. It's just a matter of time when the attacker will elevate her priveledges. > Jeremy > > On Sun, Oct 29, 2000 at 01:38:30AM +0200, Roman Shterenzon wrote: > > On Sat, 28 Oct 2000, Jeremy Norris wrote: > > > > > I would think this would be a problem with all icq clients, since icq opens up > > > a tcp port by default. Gnomeicu at least, however, lets you pick what port. > > > > > > Jeremy > > But, gnomeicu is the only one I've seen that crashes when sent too much > > data on that port. > > That's security breach. > > > > > On Sat, Oct 28, 2000 at 12:46:08AM +0200, Roman Shterenzon wrote: > > > > Hi, > > > > > > > > Yesterday, running sockstat I noticed that openicu listens on TCP port 4000. > > > > I was curious so I fed it with some zeroes from /dev/zero, and, it crashed > > > > like a charm. I'm suspecting buffer overflow which may allow an intruder > > > > to receive a shell on victim's machine. > > > > Looking at code advises that the port can be chosen from 4000-4100 range. > > > > I believe it needs to be checked and the port marked as FORBIDDEN meanwhile. > > > > Sorry if it's false alarm. > > > > > > > > --Roman Shterenzon, UNIX System Administrator and Consultant > > > > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-ports" in the body of the message > > > > > > > --Roman Shterenzon, UNIX System Administrator and Consultant > > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-ports" in the body of the message > --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message