Date:      Thu, 26 Jan 2006 12:50:10 GMT
From:      Ion-Mihai Tetcu <itetcu@people.tecnik93.com>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/92359: [MAINTAINER] net-im/kpopup: FORBIDDEN (local root exploit); contains the VuXML entry
Message-ID:  <200601261250.k0QCoA7G004269@freefall.freebsd.org>

The following reply was made to PR ports/92359; it has been noted by GNATS.

From: Ion-Mihai Tetcu <itetcu@people.tecnik93.com>
To: "Simon L. Nielsen" <simon@FreeBSD.org>
Cc: FreeBSD gnats submit <FreeBSD-gnats-submit@FreeBSD.org>
Subject: Re: ports/92359: [MAINTAINER] net-im/kpopup: FORBIDDEN (local root
 exploit); contains the VuXML entry
Date: Thu, 26 Jan 2006 14:48:04 +0200

 --MP_6dyp7e.H=Bxbhl9UQCt/stc
 Content-Type: text/plain; charset=US-ASCII
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 On Thu, 26 Jan 2006 13:22:42 +0100
 "Simon L. Nielsen" <simon@FreeBSD.org> wrote:
 
 > On 2006.01.26 13:46:56 +0200, Ion-Mihai IOnut Tetcu wrote:
 > 
 > Thanks, a few comments for the VuXML part (I can't commit it until
 > tonight)
 
 It's 3 years old, I doubt a few hours will make much difference :)
  
 > > --- vuln.xml.cvs	Thu Jan 26 11:40:13 2006
 > > +++ vuln.xml	Thu Jan 26 12:44:27 2006
 > > @@ -34,6 +34,43 @@
 > >  
 > >  -->
 > >  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
 > > +  <vuln vid="1613db79-8e52-11da-8426-000fea0a9611">
 > > +    <topic> kpopup -- local root exploit and local denial of
 > > service</topic>
 >               ^ shouldn't be space here.
 > > +    <affects>
 > > +      <package>
 > > +	<name>kpopup</name>
 > > +	<range><ge>0.9.1</ge><le>0.9.5</le></range>
 > > +      </package>
 > > +    </affects>
 > > +    <description>
 > > +      <body xmlns="http://www.w3.org/1999/xhtml">;
 > > +	<p>Mitre CVE reports:</p>
 > > +	<blockquote
 > > cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1170">;
 > 
 > When using a blockquote the content must be exactly the text from the
 > source, CVE in this case.  Minor typo or spelling fixes are OK, but
 > only minor things.  It's fine to use multiple blockquotes in the same
 > VuXML entry, the leading text for each blockquote should just make it
 > clear where the quote is from.
 > 
 > For text you have written (e.g. the last credit line) simply put it at
 > the "outer layer", I.E. not in a block quote.  The reason that I
 > generally prefer block quotes for the main description is simply that
 > it's faster to "steal" somebody else's description (with credit of
 > course), than phrasing the issue myself.  That said I sometimes end up
 > writing it myself if I feel the other source texts I can find aren't
 > very good.
 
 OK, so I broke the above in 2 blockquotes and moved credits outside,
 after them. I also corrected in the first "and" --> "-", since all
 versions between are affected.
 
 > Since I'm blabbering on anyway, I might as well point you at my page
 > with VuXML notes http://simon.nitro.dk/vuxml.html .  Some day that
 > will be added to the Porters Handbook.. some day :-).
 
 Thanks.
 
 > > +	  <p>Format string vulnerability in main.cpp in kpopup
 > > 0.9.1-0.9.5pre2
 > > +          allows local users to cause a denial of service
 > > (segmentation fault)
 > > +          and possibly execute arbitrary code via format string
 > > specifiers in
 > > +          command line arguments.
 > > +          misc.cpp in KPopup 0.9.1 trusts the PATH variable when
 > > executing killall,
 > > +          which allows local users to elevate their privileges by
 > > modifying the
 > > +          PATH variable to reference a malicious killall program.
 > > +          SecurityFocus credits "b0f" b0fnet@yahoo.com</p>
 > > +	</blockquote>
 > > +      </body>
 > > +    </description>
 > > +    <references>
 > > +     <cvename>CVE-2003-1170</cvename>
 > > +     <bid>8918</bid>
 > > +     <cvename>CVE-2003-1167</cvename>
 > > +     <bid>8915</bid>
 > > +     <url>http://www.securityfocus.com/archive/1/342736</url>;
 > > +     <url>http://www.henschelsoft.de/kpopup_en.html</url>;
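Review bot: The topic of this entry promises a "local root exploit", but the description lines in this part of the hunk say only "elevate their privileges" and "possibly execute arbitrary code", so a reader cannot tell from the entry why the impact is root. A short paragraph in the body outside the blockquote, stating what makes either issue reach root, would close that gap without altering the quoted CVE text.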
 > 
 > I generally sort plain alphabetically, but that's not very important.
 
 CVE and bid are sorted in the order of blockquote content. The next
 link points to the disclosure and exploit examples. The link to the
 author page is less informative hence is the latest. The reader probably
 won't go to all the links, so the most informative are first; but
 feel free to reorder them if you like.
 
 
 -- 
 IOnut - Unregistered ;) FreeBSD "user"
   "Intellectual Property" is   nowhere near as valuable   as "Intellect"
 
 BOFH excuse #208:
 Your mail is being routed through Germany... and they're censoring us
 
 
 
 --MP_6dyp7e.H=Bxbhl9UQCt/stc
 Content-Type: text/x-patch; name=vuln.xml.diff
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment; filename=vuln.xml.diff
 
 --- vuln.xml.cvs	Thu Jan 26 11:40:13 2006
 +++ vuln.xml	Thu Jan 26 14:36:06 2006
 @@ -34,6 +34,45 @@
  
  -->
  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
 +  <vuln vid="1613db79-8e52-11da-8426-000fea0a9611">
 +    <topic>kpopup -- local root exploit and local denial of service</topic>
 +    <affects>
 +      <package>
 +	<name>kpopup</name>
 +	<range><ge>0.9.1</ge><le>0.9.5</le></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns="http://www.w3.org/1999/xhtml">;
 +	<p>Mitre CVE reports:</p>
 +	<blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1170">;
 +	  <p>Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2
 +          allows local users to cause a denial of service (segmentation fault)
 +          and possibly execute arbitrary code via format string specifiers in
 +          command line arguments.</p>
 +        </blockquote>
 +        <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1167">;
 +          <p>misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall,
 +          which allows local users to elevate their privileges by modifying the
 +          PATH variable to reference a malicious killall program.</p>
 +        </blockquote>
 +        <p>SecurityFocus credits "b0f" b0fnet@yahoo.com</p>
 +      </body>
 +    </description>
 +    <references>
 +     <cvename>CVE-2003-1170</cvename>
 +     <bid>8918</bid>
 +     <cvename>CVE-2003-1167</cvename>
 +     <bid>8915</bid>
 +     <url>http://www.securityfocus.com/archive/1/342736</url>;
 +     <url>http://www.henschelsoft.de/kpopup_en.html</url>;
 +    </references>
 +    <dates>
 +      <discovery>2003-10-28</discovery>
 +      <entry>2006-01-26</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid="57a0242d-8c4e-11da-8ddf-000ae42e9b93">
      <topic>sge -- local root exploit in bundled rsh executable</topic>
      <affects>
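Review bot: The `<range>` under `<affects>` ends at `<le>0.9.5</le>`, while the first blockquote names "0.9.1-0.9.5pre2" and the second names only 0.9.1, so the range and the quoted text do not obviously describe the same set of versions. Because the accompanying message says "and" was changed to "-" inside the quote, the statement that all versions in between are affected would sit better in a paragraph outside the blockquotes, with the quoted CVE text left verbatim and the range bounds chosen to match that statement.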
 
 --MP_6dyp7e.H=Bxbhl9UQCt/stc--
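The conventions raised in the review above (no stray whitespace in `<topic>`, each blockquote tied to its source, references matching what is quoted) can be checked mechanically. The following is an added example, not part of the original message or of any FreeBSD tooling; the function name `lint_vuxml`, the sample entry and its placeholder ids are constructed, and treating a missing `cite` attribute as a finding is an assumption.

```python
import re
import xml.etree.ElementTree as ET

VUX = "{http://www.vuxml.org/apps/vuxml-1}"
XHTML = "{http://www.w3.org/1999/xhtml}"

# Constructed sample: placeholder vid, package and CVE ids, not a real entry.
SAMPLE = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic> examplepkg -- local privilege escalation</topic>
    <affects><package><name>examplepkg</name>
      <range><ge>1.0</ge><le>1.4</le></range></package></affects>
    <description><body xmlns="http://www.w3.org/1999/xhtml">
      <p>Example source reports:</p>
      <blockquote cite="http://cve.example/cvename.cgi?name=CVE-0000-0001">
        <p>First quoted description.</p>
      </blockquote>
      <blockquote>
        <p>Second quoted description.</p>
      </blockquote>
      <p>Credit line written by the entry author.</p>
    </body></description>
    <references><cvename>CVE-0000-0002</cvename></references>
  </vuln>
</vuxml>"""

def lint_vuxml(xml_text):
    """Return a list of (vid, message) findings, one per problem found."""
    findings = []
    for vuln in ET.fromstring(xml_text).iter(VUX + "vuln"):
        vid = vuln.get("vid", "?")
        topic = vuln.findtext(VUX + "topic") or ""
        if topic != topic.strip():
            findings.append((vid, "topic has leading or trailing whitespace"))
        # CVE names the entry lists under <references>
        listed = {c.text.strip() for c in vuln.iter(VUX + "cvename") if c.text}
        for bq in vuln.iter(XHTML + "blockquote"):
            cite = bq.get("cite")
            if not cite:  # assumption: every quote must name its source
                findings.append((vid, "blockquote without cite attribute"))
                continue
            for cve in re.findall(r"CVE-\d{4}-\d+", cite):
                if cve not in listed:
                    findings.append((vid, f"{cve} cited but not in <references>"))
    return findings

if __name__ == "__main__":
    for vid, message in lint_vuxml(SAMPLE):
        print(vid, message)
```

Whether the quoted text matches its source word for word still needs a human comparison against the cited page.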


