From owner-freebsd-security Fri Sep 8 5:49:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.euroweb.hu (mail.euroweb.hu [193.226.220.4]) by hub.freebsd.org (Postfix) with ESMTP id 917B737B423; Fri, 8 Sep 2000 05:49:27 -0700 (PDT) Received: (from hu006co@localhost) by mail.euroweb.hu (8.8.5/8.8.5) id OAA05585; Fri, 8 Sep 2000 14:49:23 +0200 (MET DST) Received: (from zgabor@localhost) by CoDe.hu (8.9.3/8.8.8) id OAA00796; Fri, 8 Sep 2000 14:47:07 +0200 (CEST) (envelope-from zgabor) Date: Fri, 8 Sep 2000 14:47:07 +0200 From: Gabor Zahemszky To: freebsd-security@freebsd.org Cc: kris@freebsd.org Subject: Re: UNIX locale format string vulnerability (fwd) Message-ID: <20000908144707.F682@zg.CoDe.hu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from kris@FreeBSD.ORG on Thu, Sep 07, 2000 at 02:53:51AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Sep 07, 2000 at 02:53:51AM -0700, Kris Kennaway wrote: > HOWEVER: no program shipped in the FreeBSD base system is believed to be > vulnerable to either of these problems. > > They both affect catopen(), and we don't use that function at all except > in tcsh, which is non-privileged. We don't even have any code which has Oops! On my 3.4R system, there is a little utility, named: ee (and ree), and it is using catopen(). I don't think it changed in 4.x, is it? ZGabor at CoDe dot HU -- #!/bin/ksh Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message