Date: Fri, 27 Sep 2002 22:55:11 +0200 (CEST) From: Tilman Linneweh <tilman@arved.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: tilman@arved.de Subject: ports/43437: Update port irc/ezbounce Security Fix Message-ID: <200209272055.g8RKtBhx002499@sauna.arved.de>
next in thread | raw e-mail | index | archive | help
>Number: 43437 >Category: ports >Synopsis: Update port irc/ezbounce Security Fix >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Sep 27 14:00:13 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Tilman Linneweh >Release: FreeBSD 4.6-STABLE i386 >Organization: BSD Usergroup Austria >Environment: System: FreeBSD sauna.arved.de 4.6-STABLE FreeBSD 4.6-STABLE #0: Sun Jul 7 20:02:41 CEST 2002 tilman@sauna.arved.de:/usr/obj/usr/src/sys/SAUNA i386 >Description: From ezbounce's Homepage: July 21, 2002 Security update: patch against 1.02 A small problem exists in 1.02 that can be exploited remotely. It is an "off-by-two" error that can be exploited ONLY by users with admin privileges. Specifically, it is caused by an incorrect usage of strncat() in the "DIE" command handler. Therefore, it is not a serious security hole, but the patch is available for those uber-serious about their system safety. >How-To-Repeat: >Fix: --- ezbounce.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/irc/ezbounce/Makefile,v retrieving revision 1.21 diff -u -r1.21 Makefile --- Makefile 5 Jul 2002 03:07:59 -0000 1.21 +++ Makefile 27 Sep 2002 20:51:20 -0000 @@ -7,6 +7,7 @@ PORTNAME= ezbounce PORTVERSION= 1.02 +PORTREVISION= 1 CATEGORIES= irc MASTER_SITES= http://druglord.freelsd.org/ezbounce/ Index: files/patch-src-server.cpp =================================================================== RCS file: files/patch-src-server.cpp diff -N files/patch-src-server.cpp --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-src-server.cpp 27 Sep 2002 20:50:30 -0000 @@ -0,0 +1,20 @@ +--- src/server.cpp Sun May 5 17:53:00 2002 ++++ src/server.cpp Mon Jul 22 04:27:26 2002 +@@ -204,7 +204,7 @@ + if (now) + { + strcpy(buff, "Server terminating: "); +- strncat(buff, reason, (sizeof buff) - strlen(buff) + 1); ++ strncat(buff, reason, (sizeof buff) - (strlen(buff) + 1)); + conn::broadcast(&conns,buff); + ircproxy_save_prefs(users, pcfg.userfile); + kill_conns(); +@@ -213,7 +213,7 @@ + } + terminate_request = 1; + strcpy(buff, "Terminate request: "); +- strncat(buff, reason, (sizeof buff) - strlen(buff) + 1); ++ strncat(buff, reason, (sizeof buff) - (strlen(buff) + 1)); + conn::broadcast(&conns,buff); + ircproxy_save_prefs(users, pcfg.userfile); + return 1; --- ezbounce.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209272055.g8RKtBhx002499>