Date: Fri, 28 Mar 2003 04:23:38 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Greg 'groggy' Lehey <grog@FreeBSD.org>
Cc: sobomax@FreeBSD.org
Subject: Re: FORBIDDEN ports scheduled for removal
Message-ID: <20030328122338.GA20529@rot13.obsecurity.org>
In-Reply-To: <20030328020025.GN72254@wantadilla.lemis.com>
References: <20030328013119.GA17944@rot13.obsecurity.org> <20030328014146.GK72254@wantadilla.lemis.com> <20030328020025.GN72254@wantadilla.lemis.com>

On Fri, Mar 28, 2003 at 12:30:25PM +1030, Greg 'groggy' Lehey wrote:

> OK, found it at http://www.securityfocus.com/bid/5808. Discussion
> says:
>
> gv is a freely available, open source Portable Document Format (PDF)
> and PostScript (PS) viewing utility. It is available for Unix and
> Linux operating systems.
>
> It has been reported that an insecure sscanf() function exists in
> gv. Due to this function, an attacker may be able to put malicious
> code in the %%PageOrder: portion of a file. When this malicious file
> is opened with gv, the code would be executed in the security
> context of the local user.
>
> Note that this refers to gv, not ghostview. It's also incorrect with
> ghostview 1.5. The binary doesn't contain a sscanf() function. I've
> tried the exploit, and it didn't work. I'll check further, but I
> think this one can be allowed again.

Seems reasonable. It looks like sobomax marked this port FORBIDDEN by
mistake.

Kris
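
The bug class named in the quoted advisory, an sscanf() conversion with no field width reading the %%PageOrder: value, next to a bounded form of the same parse. This is an added example, not code from gv, ghostview or the message above; the function name, the buffer size and the check against the three DSC PageOrder keywords are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ORDER_MAX 32   /* assumed size of the keyword buffer */

/* Pattern the advisory describes (comment only, not executed): an unbounded
 * conversion such as  sscanf(line, "%%%%PageOrder: %s", buf)  stores as many
 * bytes as the file supplies, regardless of sizeof(buf). */

/* Parse "%%PageOrder: <keyword>" into out[ORDER_MAX] (hypothetical helper).
 * Returns 0 on success, -1 if the line is not a PageOrder comment,
 * -2 if the keyword is missing, over-long, or not a DSC value. */
int parse_page_order(const char *line, char out[ORDER_MAX])
{
    /* The three values the DSC specification defines for %%PageOrder: */
    static const char *allowed[] = { "Ascend", "Descend", "Special" };
    static const char prefix[] = "%%PageOrder:";
    char next = '\0';
    int n;

    out[0] = '\0';
    if (strncmp(line, prefix, sizeof prefix - 1) != 0)
        return -1;

    /* %31s stores at most ORDER_MAX - 1 bytes plus the NUL; %c captures the
     * byte after the keyword so truncation is detected, not silently kept. */
    n = sscanf(line + sizeof prefix - 1, " %31s%c", out, &next);
    if (n < 1)
        return -2;
    if (n == 2 && next != ' ' && next != '\t' && next != '\r' && next != '\n') {
        out[0] = '\0';
        return -2;
    }
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(out, allowed[i]) == 0)
            return 0;
    out[0] = '\0';
    return -2;
}
```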