From owner-freebsd-security Thu Mar 6 8:34:51 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B1D737B401 for ; Thu, 6 Mar 2003 08:34:48 -0800 (PST) Received: from pol.dyndns.org (pol.net1.nerim.net [80.65.225.93]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA06043F75 for ; Thu, 6 Mar 2003 08:34:46 -0800 (PST) (envelope-from guy@device.dyndns.org) Received: from oemcomputer.device.dyndns.org (partserver.pol.local [172.16.10.10]) by pol.dyndns.org (8.12.6/8.12.6) with ESMTP id h26GYgfq024491 for ; Thu, 6 Mar 2003 17:34:45 +0100 (CET) Message-Id: <5.1.1.6.0.20030306172440.00a6e100@device.dyndns.org> X-Sender: guy@device.dyndns.org X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Thu, 06 Mar 2003 17:34:36 +0100 To: freebsd-security@FreeBSD.ORG From: "Guy P." Subject: Re: Prov. patch for the file hole ISS disclosed In-Reply-To: <20030306154138.GA33430@madman.celabo.org> References: <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 16:41 06/03/2003, Jacques A. Vidrine wrote: >[I guess you mean iDEFENSE. Comparing the sendmail issue and > this file issue gives you a pretty good idea of the difference > between ISS and iDEFENSE :-) ] > >On Thu, Mar 06, 2003 at 03:15:47PM +0100, Guy Poizat wrote: > > Here is my suggestion. Feel free to comment/correct me, > > as this is my first ever C line out of a windows system :] > > I tested it against RELENG_4. > >Thanks! However, this has already been fixed in -CURRENT (by import >of FILE 3.41). I do not know whether or not David plans to MFC in >time for 4.8-RELEASE. This, IMO, would be a good idea, as probably many third party utilities are using the file command. For instance, i decided to fix that quick because i use amavis for wiping viruses out of emails attachements, which seems to be using file during its scanning process. As the exploit looks like fairly easy to build, i can nearly imagine a new worm taking advantage of it... My idea is not to stress you, just wanted to be sure everybody understand it could be a remote compromise of some sort too :] -- Guy P. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message