Date: Thu, 6 Dec 2001 17:28:34 +0200 (EET)
From: Alexey Rodin <alx@cii.sumy.ua>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/32555: Formatting string bug in cyrus sasl lib
Message-ID: <200112061528.fB6FSXg33288@relay2.cii.sumy.ua>
>Number: 32555
>Category: ports
>Synopsis: Formatting string bug in cyrus sasl lib
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 06 07:10:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Alexey Rodin
>Release: FreeBSD 4.4-STABLE i386
>Organization: ISP CII
>Environment:
System: FreeBSD relay2.cii.sumy.ua 4.4-STABLE FreeBSD 4.4-STABLE #0: Mon Sep 24 11:23:46 EEST 2001 root@ns.infonet.com.ua:/usr/src/sys/compile/PROXY2 i386

>Description:
The Cyrus SASL library provides an authentication API for mail clients and servers. A format bug was found in one of the logging functions that could be used by an attacker to gain access to a machine or to acquire higher privileges.

This issue may already have been on the list. I assume that the moderator in this case rejects this mail.

The last non-beta version of the cyrus-sasl library has a format string bug in the default logging callback.

The default Cyrus SASL logging callback is

    static int _sasl_syslog(void *context __attribute__((unused)),
                            int priority,
                            const char *message)

At the end of that function there is

      /* do the syslog call. do not need to call openlog */
      syslog(syslog_priority | LOG_AUTH, message);

      return SASL_OK;
    }

syslog takes a format string as its argument.

That is cyrus-sasl-1.5.24. That is the latest non-beta version on ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/

I have been told that this is fixed in the beta version.

================================================
From: Lawrence Greenfield
Date: Sun, 30 Sep 2001 10:12:19 -0400

If you take a look at ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/BETA/cyrus-sasl-1.5.27.tar.gz you'll notice that it has bug #326 fixed.

>How-To-Repeat:
cd /usr/ports/security/cyrus-sasl && make

>Fix:
--- lib/common.c.orig Maanantai Heina"kuu 17 20:21:02 2000 +++ lib/common.c Tiistai Lokakuu 2 12:31:13 2001 
@@ -596,7 +596,9 @@ } /* do the syslog call. do not need to call openlog */ - syslog(syslog_priority | LOG_AUTH, message); + + /* Patched by Kari Hurtta -- 2001-10-02 */ + syslog(syslog_priority | LOG_AUTH, "%s", message); return SASL_OK; } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
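Review bot: The comment added above the patched syslog() call records who made the change and when, not why the "%s" is there, so a later cleanup could take the format argument out again. Suggest replacing it with a comment saying that message is caller-supplied text and must never be passed as the format string, and keeping the attribution in the commit log. The hunk also leaves a blank line between the existing "do the syslog call" comment and the call it describes; dropping that added blank line keeps the two together.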
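The difference the report describes, shown as an added example that is not part of the original report or of the Cyrus SASL sources. fake_syslog is a hypothetical stand-in for syslog(3), and args_consumed and the sample strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(3): same format-string contract, result in
 * a buffer. Declared with __attribute__((format(printf, 3, 4))), gcc and clang
 * would flag the pre-patch call in main() under -Wformat-security. */
static int fake_syslog(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Count directives in msg that would make a printf-style function fetch an
 * argument the caller never passed. "%%" is literal, "%m" (syslog's errno
 * text) takes no argument, and each '*' width or precision takes one. */
static int args_consumed(const char *msg)
{
    int count = 0;
    for (const char *p = msg; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        while (*p && strchr("-+ #0123456789.'hlLjztq*$", *p)) {
            if (*p == '*')
                count++;
            p++;
        }
        if (*p == '\0')
            break;
        if (*p != '%' && *p != 'm')
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed message; "%%" is its only directive, so no argument is read. */
    const char *msg = "login failed for user=a%%b";
    char before[64], after[64];
    fake_syslog(before, sizeof before, msg);      /* pre-patch: message as format */
    fake_syslog(after, sizeof after, "%s", msg);  /* patched: message as data */
    printf("before: %s\nafter:  %s\nargs fetched by a template: %d\n",
           before, after, args_consumed("name=%s id=%*d"));
    return 0;
}
```

The pre-patch call rewrites the logged text ("%%" collapses to "%"), while the patched call records it byte for byte; a non-zero args_consumed result on text that reaches a logging call marks input the pre-patch code would have interpreted.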