From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Jan 26 11:50:11 2006
Message-Id: <1138276016.43542@it.buh.tecnik93.com>
Date: Thu, 26 Jan 2006 13:46:56 +0200
From: "Ion-Mihai "IOnut" Tetcu"
To: "FreeBSD gnats submit"
X-Send-Pr-Version: gtk-send-pr 0.4.7
Subject: ports/92359: [MAINTAINER] net-im/kpopup: FORBIDDEN (local root exploit); contains the VuXML entry

>Number: 92359
>Category: ports
>Synopsis: [MAINTAINER] net-im/kpopup: FORBIDDEN (local root exploit); contains the VuXML entry
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 26 11:50:09 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Ion-Mihai "IOnut" Tetcu
>Release: FreeBSD 6.0-STABLE i386
>Organization: Tecnik'93
>Environment:
System: FreeBSD 6.0-STABLE #1: Mon Jan 23 00:45:10 EET 2006
>Description:
Mark FORBIDDEN due to local root exploit and local denial of service until I have time to upgrade it. The VuXML diff is attached. Drop USE_REINPLACE while I'm here.
>How-To-Repeat:
>Fix:
--- kpopup.diff begins here ---
Index: Makefile =================================================================== RCS file: /home/ncvs/ports/net-im/kpopup/Makefile,v retrieving revision 1.1.1.2 retrieving revision 1.6 diff -u -r1.1.1.2 -r1.6 --- Makefile 26 Jan 2006 11:32:02 -0000 1.1.1.2 +++ Makefile 26 Jan 2006 11:36:07 -0000 1.6 @@ -4,7 +4,7 @@ # # $FreeBSD: ports/net-im/kpopup/Makefile,v 1.10 2006/01/26 10:34:27 garga Exp $ # -# $Tecnik: ports/net-im/kpopup/Makefile,v 1.2 2006/01/25 23:29:03 itetcu Exp $ +# $Tecnik: ports/net-im/kpopup/Makefile,v 1.6 2006/01/26 11:36:07 itetcu Exp $ # PORTNAME= kpopup 
@@ -18,11 +18,12 @@ RUN_DEPENDS= smbclient:${PORTSDIR}/net/samba +FORBIDDEN= http://vuxml.freebsd.org/1613db79-8e52-11da-8426-000fea0a9611.html + USE_KDELIBS_VER=3 USE_GMAKE= yes GNU_CONFIGURE= yes CONFIGURE_TARGET= -USE_REINPLACE= yes post-patch: @${REINPLACE_CMD} -e 's,malloc.h,stdlib.h,' ${WRKSRC}/kpopup/misc.cpp \ --- kpopup.diff ends here --- --- vuln.xml.diff begins here --- --- vuln.xml.cvs Thu Jan 26 11:40:13 2006 +++ vuln.xml Thu Jan 26 12:44:27 2006 @@ -34,6 +34,43 @@ --> + + kpopup -- local root exploit and local denial of service + + + kpopup + 0.9.10.9.5 + + + + +

Mitre CVE reports:

+
+

Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2 + allows local users to cause a denial of service (segmentation fault) + and possibly execute arbitrary code via format string specifiers in + command line arguments. + misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, + which allows local users to elevate their privileges by modifying the + PATH variable to reference a malicious killall program. + SecurityFocus credits "b0f" b0fnet@yahoo.com

+
+ +
+ + CVE-2003-1170 + 8918 + CVE-2003-1167 + 8915 + http://www.securityfocus.com/archive/1/342736 + http://www.henschelsoft.de/kpopup_en.html + + + 2003-10-28 + 2006-01-26 + +
+ sge -- local root exploit in bundled rsh executable --- vuln.xml.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
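Review bot: In the second Makefile hunk (@@ -18,11 +18,12 @@), the new `FORBIDDEN=` value is only the VuXML URL, so a user whose build is refused sees no reason unless they follow the link. Suggest putting a short reason ahead of the URL, matching the PR synopsis, e.g. `FORBIDDEN= local root exploit and local DoS - http://vuxml.freebsd.org/1613db79-8e52-11da-8426-000fea0a9611.html`. The same hunk removes `USE_REINPLACE= yes` while `post-patch` still calls `${REINPLACE_CMD}`; that cleanup is unrelated to the security marking and would be easier to verify as a separate change, or with a line in the commit message confirming that `REINPLACE_CMD` is defined without the knob.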
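Review bot: In the vuln.xml hunk (@@ -34,6 +34,43 @@), the affected-version data for kpopup does not line up with the quoted CVE text: the description gives 0.9.1-0.9.5pre2 for the format string bug in main.cpp and 0.9.1 alone for the PATH-trusting killall call in misc.cpp, while the package range carries one pair of bounds (0.9.1 and 0.9.5). If the single range is meant as the union of both issues, say so in the entry, and check that the upper bound really covers the port's version string for 0.9.5pre2. The FORBIDDEN URL in the Makefile hunk embeds the id 1613db79-8e52-11da-8426-000fea0a9611; confirm the new entry's vid is the same value so the link resolves.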