From owner-freebsd-security@FreeBSD.ORG Tue Jan 31 16:33:29 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC5691065670 for ; Tue, 31 Jan 2012 16:33:29 +0000 (UTC) (envelope-from oliver.pntr@gmail.com) Received: from mail-yx0-f182.google.com (mail-yx0-f182.google.com [209.85.213.182]) by mx1.freebsd.org (Postfix) with ESMTP id 696528FC13 for ; Tue, 31 Jan 2012 16:33:29 +0000 (UTC) Received: by yenl12 with SMTP id l12so135335yen.13 for ; Tue, 31 Jan 2012 08:33:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=tq81HyOq04+ysDaBXHbpxYGOAnKo+Z05Eu6Qht8TjdA=; b=OiEgsAQX2m2uk/TeEOA9wO/m3GEX6w3Q4IGeT54Zb+NubMlbSREhuqdE75YoKNu4Fq sEteNo0oHHc6AyOXHMhpogIECgEi7CaqNWkCx7/WdYwy6b2PmPcZHnKR0jr8JfGiWIZ+ EjjCs3D2Y1bSNkg9zKZv9S7HA3gzlpxLdEmak= MIME-Version: 1.0 Received: by 10.236.148.143 with SMTP id v15mr34888981yhj.47.1328025802259; Tue, 31 Jan 2012 08:03:22 -0800 (PST) Received: by 10.236.22.138 with HTTP; Tue, 31 Jan 2012 08:03:22 -0800 (PST) In-Reply-To: References: <4F26A18A.3020402@phenoelit.de> Date: Tue, 31 Jan 2012 17:03:22 +0100 Message-ID: From: Oliver Pinter To: freebsd-security@freebsd.org Content-Type: multipart/mixed; boundary=20cf303a320b323bfc04b7d51abb Subject: Fwd: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2012 16:33:29 -0000 --20cf303a320b323bfc04b7d51abb Content-Type: text/plain; charset=ISO-8859-1 ---------- Forwarded message ---------- From: joernchen of Phenoelit Date: Mon, 30 Jan 2012 14:56:26 +0100 Subject: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Hi, FYI, see attached. cheers, joernchen -- joernchen ~ Phenoelit ~ C776 3F67 7B95 03BF 5344 http://www.phenoelit.de ~ A46A 7199 8B7B 756A F5AC --20cf303a320b323bfc04b7d51abb Content-Type: text/plain; charset=US-ASCII; name="advisory_sudo.txt" Content-Disposition: attachment; filename="advisory_sudo.txt" Content-Transfer-Encoding: base64 X-Attachment-Id: 68833241ebaac8e3_0.1 UGhlbm9lbGl0IEFkdmlzb3J5IDx3aXItaGFiZW4tYXVjaC1tYWwtd2FzLWdlZnVuZGVuICMwODE1 ICstLSsrPgoKWyBBdXRob3JzIF0KICAgICAgICBqb2VybmNoZW4gICAgICAgPGpvZXJuY2hlbiAo KSBwaGVub2VsaXQgZGU+CgogICAgICAgIFBoZW5vZWxpdCBHcm91cCAoaHR0cDovL3d3dy5waGVu b2VsaXQuZGUpCgpbIEFmZmVjdGVkIFByb2R1Y3RzIF0KICAgICAgICBzdWRvIDEuOC4wIC0gMS44 LjNwMSAoaHR0cDovL3N1ZG8ud3MpCgpbIFZlbmRvciBjb21tdW5pY2F0aW9uIF0KICAgICAgICAy MDEyLTAxLTI0IFNlbmQgdnVsbmVyYWJpbGl0eSBkZXRhaWxzIHRvIHN1ZG8gbWFpbnRhaW5lcgog ICAgICAgIDIwMTItMDEtMjQgTWFpbnRhaW5lciBpcyBlbWJhcnJhc2VkCiAgICAgICAgMjAxMi0w MS0yNyBBc2tpbmcgbWFpbnRhaW5lciBob3cgdGhlIGZpeGluZyBnb2VzCiAgICAgICAgMjAxMi0w MS0yNyBNYWludGFpbmVyIHJlc3BvbmRzIHdpdGggYSBwYXRjaCBhbmQgYSByZWxlYXNlIGRhdGUK ICAgICAgICAgICAgICAgICAgIG9mIDIwMTItMDEtMzAgZm9yIHRoZSBwYXRjaGVkIHN1ZG8gYW5k IGFkdmlzb3J5CiAgICAgICAgMjAxMi0wMS0zMCBSZWxlYXNlIG9mIHRoaXMgYWR2aXNvcnkKClsg RGVzY3JpcHRpb24gXQoKICAgICAgICBPYnNlcnZlIHNyYy9zdWRvLmM6Cgp2b2lkCnN1ZG9fZGVi dWcoaW50IGxldmVsLCBjb25zdCBjaGFyICpmbXQsIC4uLikKewogICAgdmFfbGlzdCBhcDsKICAg IGNoYXIgKmZtdDI7CgogICAgaWYgKGxldmVsID4gZGVidWdfbGV2ZWwpCiAgICAgICAgcmV0dXJu OwoKICAgIC8qIEJhY2tldCBmbXQgd2l0aCBwcm9ncmFtIG5hbWUgYW5kIGEgbmV3bGluZSB0byBt YWtlIGl0IGEgc2luZ2xlIAogICAgd3JpdGUgKi8KICAgIGVhc3ByaW50ZigmZm10MiwgIiVzOiAl c1xuIiwgZ2V0cHJvZ25hbWUoKSwgZm10KTsKICAgIHZhX3N0YXJ0KGFwLCBmbXQpOwogICAgdmZw cmludGYoc3RkZXJyLCBmbXQyLCBhcCk7CiAgICB2YV9lbmQoYXApOwogICAgZWZyZWUoZm10Mik7 Cn0KCiAgICAgICAgSGVyZSBnZXRwcm9nbmFtZSgpIGlzIGFyZ3ZbMF0gYW5kIGJ5IHRoaXMgdXNl ciBjb250cm9sbGVkLiBTbyAKICAgICAgICBhcmd2WzBdIGdvZXMgdG8gZm10MiB3aGljaCB0aGVu IGdldHMgdmZwcmludGYoKWVkIHRvIHN0ZGVyci4gVGhlCiAgICAgICAgcmVzdWx0IGlzIGEgRm9y bWF0IFN0cmluZyB2dWxuZXJhYmlsaXR5LiAgIAoKWyBFeGFtcGxlIF0KICAgICAgICAvdG1wICQg bG4gLXMgL3Vzci9iaW4vc3VkbyAlbgogICAgICAgIC90bXAgJCAuLyVuIC1EOQogICAgICAgICoq KiAlbiBpbiB3cml0YWJsZSBzZWdtZW50IGRldGVjdGVkICoqKgogICAgICAgIEFib3J0ZWQKICAg ICAgICAvdG1wICQKCiAgICAgICBBIG5vdGUgcmVnYXJkaW5nIGV4cGxvaXRhYmlsaXR5OiBUaGUg YWJvdmUgZXhhbXBsZSBzaG93cyB0aGUgcmVzdWx0CiAgICAgICBvZiBGT1JUSUZZX1NPVVJDRSB3 aGljaCBtYWtlcyBleHBsb3RpdGF0aW9uIHBhaW5mdWwgYnV0IG5vdCAKICAgICAgIGltcG9zc2li bGUgKHNlZSBbMF0pLiBXaXRob3V0IEZPUlRJRllfU09VUkNFIHRoZSBleHBsb2l0IGlzIHN0cmFp Z2h0CiAgICAgICBmb3J3YXJkOgogICAgICAgICAxLiBVc2UgZm9ybWF0c3RyaW5nIHRvIG92ZXJ3 cml0ZSB0aGUgc2V0dWlkKCkgY2FsbCB3aXRoIHNldGdpZCgpCiAgICAgICAgIDIuIFRyaWdnZXIg d2l0aCBmb3JtYXRzdHJpbmcgLUQ5IAogICAgICAgICAzLiBNYWtlIHVzZSBvZiBTVURPX0FTS1BB U1MgYW5kIGhhdmUgc2hlbGxjb2RlIGluIGFza3Bhc3Mgc2NyaXB0CiAgICAgICAgIDQuIEFzIGFz a3Bhc3Mgd2lsbCBiZSBjYWxsZWQgYWZ0ZXIgdGhlIGZvcm1hdHN0cmluZyBoYXMgCiAgICAgICAg ICAgIG92ZXJ3cml0dGVuIHNldHVpZCgpIHRoZSBhc2tlcGFzcyBzY3JpcHQgd2lsbCBydW4gd2l0 aCB1aWQgMAogICAgICAgICA1LiBFbmpveSB0aGUgcm9vdHNoZWxsCiAKWyBTb2x1dGlvbiBdCiAg ICAgICAgVXBkYXRlIHRvIHZlcnNpb24gMS44LjMucDIgCgpbIFJlZmVyZW5jZXMgXQogICAgICAg IFswXSBodHRwOi8vd3d3LnBocmFjay5vcmcvaXNzdWVzLmh0bWw/aXNzdWU9NjcmaWQ9OQoKWyBl bmQgb2YgZmlsZSBdCg== --20cf303a320b323bfc04b7d51abb-- From owner-freebsd-security@FreeBSD.ORG Tue Jan 31 16:56:18 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3735F106564A for ; Tue, 31 Jan 2012 16:56:18 +0000 (UTC) (envelope-from wxs@atarininja.org) Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.49.45]) by mx1.freebsd.org (Postfix) with ESMTP id 0CD0D8FC0C for ; Tue, 31 Jan 2012 16:56:17 +0000 (UTC) Received: by syn.atarininja.org (Postfix, from userid 1001) id A9AF55C39; Tue, 31 Jan 2012 11:41:06 -0500 (EST) Date: Tue, 31 Jan 2012 11:41:06 -0500 From: Wesley Shields To: Oliver Pinter Message-ID: <20120131164106.GF14614@atarininja.org> References: <4F26A18A.3020402@phenoelit.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org Subject: Re: Fwd: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2012 16:56:18 -0000 On Tue, Jan 31, 2012 at 05:03:22PM +0100, Oliver Pinter wrote: > ---------- Forwarded message ---------- > From: joernchen of Phenoelit > Date: Mon, 30 Jan 2012 14:56:26 +0100 > Subject: [Full-disclosure] Advisory: sudo 1.8 Format String Vulnerability > To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com > > Hi, > > FYI, see attached. I fixed and got a VuXML entry in for this yesterday. -- WXS