From: Jim Bryant
Reply-To: kc5vdj@prodigy.net
To: ishmael27@home.com (Jeremy Norris)
Cc: roman@xpert.com, ports@FreeBSD.ORG
Date: Sun, 29 Oct 100 15:47:47 -0600 (CST)
Subject: Re: Remote buffer overflow in gnomeicu 0.93
In-Reply-To: <20001029072540.A89648@babylon.merseine.nu> from Jeremy Norris at "Oct 29, 0 07:25:40 am"

IMHO, yes.

I have a hard enough time trying to convince people at my workplace that this is the way to go for the future. When they see crap like this, they laugh in my face.

I am a contractor working on various projects, some involving government. If holes aren't fixed as soon as they are known, it makes my job harder convincing some people that BSD/Linux systems are safe.

Releasing optional packages/ports with holes that can allow such exploits only serves to keep Gates in biz at such sites, recent news about the holes being exposed in NT won't change anything because a lot of those shops are NT-based already, in other words, Gates doesn't have to get his foot in the door, we do.

In reply:
> Gnomeicu doesn't run with any privilege however, unless one is foolish enough
> to run it as root. At worst, a deviant person could crash it and gain access as
> an unprivileged user. Is that enough to make a port FORBIDDEN?
>
> Jeremy
>
> On Sun, Oct 29, 2000 at 01:38:30AM +0200, Roman Shterenzon wrote:
> > On Sat, 28 Oct 2000, Jeremy Norris wrote:
> >
> > > I would think this would be a problem with all icq clients, since icq opens up
> > > a tcp port by default. Gnomeicu at least, however, lets you pick what port.
> > >
> > > Jeremy
> > But, gnomeicu is the only one I've seen that crashes when sent too much
> > data on that port.
> > That's a security breach.
> >
> > > On Sat, Oct 28, 2000 at 12:46:08AM +0200, Roman Shterenzon wrote:
> > > > Hi,
> > > >
> > > > Yesterday, running sockstat I noticed that openicu listens on TCP port 4000.
> > > > I was curious so I fed it with some zeroes from /dev/zero, and, it crashed
> > > > like a charm. I'm suspecting buffer overflow which may allow an intruder
> > > > to receive a shell on victim's machine.
> > > > Looking at code advises that the port can be chosen from 4000-4100 range.
> > > > I believe it needs to be checked and the port marked as FORBIDDEN meanwhile.
> > > > Sorry if it's a false alarm.

jim

--
All opinions expressed are mine, if you think otherwise, then go jump into turbid radioactive waters and yell WAHOO !!!
"I will not be pushed, stamped, briefed, debriefed, indexed, or numbered!" - #1, "The Prisoner"
kc5vdj@prodigy.net
KC5VDJ - HF to 23cm
KC5VDJ@NW0I.#NEKS.KS.USA.NOAM
HF/VHF: IC-706MkII
VHF/UHF/SHF: IC-T81A
KPC3+ & PK-232MBX
Grid: EM28px
ET has one helluva sense of humor, always anal-probing right-wing schizos!