Date:      Sat, 9 Aug 2003 12:11:43 +1000
From:      "Chris Knight" <chris@e-easy.com.au>
To:        "'Greg 'groggy' Lehey'" <grog@FreeBSD.org>, "'Alexander Leidinger'" <Alexander@Leidinger.net>
Cc:        'Kris Kennaway' <kris@obsecurity.org>
Subject:   RE: Ports scheduled for removal on Nov 7
Message-ID:  <0e5301c35e1b$94d21630$020aa8c0@aims.private>
In-Reply-To: <20030809013542.GZ1741@wantadilla.lemis.com>

Howdy,

> -----Original Message-----
> From: Greg 'groggy' Lehey
> Sent: Saturday, 9 August 2003 11:36
> To: Alexander Leidinger
> Cc: freebsd-ports@FreeBSD.org; chris@aims.com.au; Kris Kennaway
> Subject: Re: Ports scheduled for removal on Nov 7
>
>
> On Friday,  8 August 2003 at 12:42:44 +0200, Alexander
> Leidinger wrote:
> > On Thu, 7 Aug 2003 21:53:34 -0700
> > Kris Kennaway <kris@obsecurity.org> wrote:
> >
> >> The following ports are scheduled for removal on November 7 if they
> >> are still broken at that time and no PRs have been submitted to fix
> >
> >> databases/firebird	firebird-1.0.2	chris@aims.com.au
> >> databases/firebird-devel	firebird-1.0.r2	chris@aims.com.au
> >
> > I've marked them FORBIDDEN because of a posting on bugtraq. I've
> > talked with the maintainer and he explained that the developers
> > focus on the development of the next version and don't seem to be
> > interested in fixing this vulnerability.
>
> Are you sure that this vulnerability exists?  bugtraq seems to be
> rather indiscriminate in its claims ("found in this version, all these
> others must have it too").  I've seen at least one case where we were
> about to throw out something (ghostview, I think) because of a library
> vulnerability on a different platform.
>
The vulnerability does exist. No bounds checking is done on the
environment variable and it is placed into a fixed length (1024) array
using strcat. Proof of concept code has been released for FreeBSD 4.7.
I've spent a bit of time on the exploit code, and with some slight mods,
it will affect Firebird 1.0, 1.0.2 and 1.0.3 on FreeBSD 4.7 and
FreeBSD 4.8.
I've got a fix which stops the exploit code from working. I plan on
tidying it up and committing it soonish.

> Greg
> --
> See complete headers for address and phone numbers
>

Regards,
Chris Knight
Systems Administrator
E-Easy
Tel: +61 3 6334 6664  Fax: +61 3 6331 7032  Mob: +61 419 528 795
Web: http://www.e-easy.com.au
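
The bug class described in the message above (an environment variable appended to a fixed 1024-byte array with strcat and no bounds check), shown beside a length-checked form. This is an added example, not code from the original post or from the Firebird sources; the function names, the EXAMPLE_ROOT variable and the paths are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 1024  /* fixed array length mentioned in the message */

/* Unchecked pattern: nothing limits strlen(root), so a long value taken
 * from the environment writes past the end of buf. */
void build_path_unchecked(char *buf, const char *root, const char *file)
{
    buf[0] = '\0';
    strcat(buf, root);
    strcat(buf, file);
}

/* Checked form: returns 0 on success, -1 if an argument is NULL or the
 * result (including the NUL) does not fit. On failure buf holds "". */
int build_path_checked(char *buf, size_t buflen,
                       const char *root, const char *file)
{
    size_t rlen, flen;

    if (buf == NULL || buflen == 0)
        return -1;
    buf[0] = '\0';
    if (root == NULL || file == NULL)
        return -1;
    rlen = strlen(root);
    flen = strlen(file);
    /* Need rlen + flen + 1 <= buflen, written so it cannot wrap. */
    if (rlen >= buflen || flen >= buflen - rlen)
        return -1;
    memcpy(buf, root, rlen);
    memcpy(buf + rlen, file, flen + 1);  /* copies the terminating NUL */
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];
    const char *root = getenv("EXAMPLE_ROOT");  /* hypothetical variable */

    if (build_path_checked(buf, sizeof buf,
                           root ? root : "/usr/local/example", "/f.msg") != 0) {
        fputs("EXAMPLE_ROOT is too long, refusing to continue\n", stderr);
        return 1;
    }
    puts(buf);
    return 0;
}
```

Rejecting an over-long value is used here rather than silently truncating it, since a truncated path can point somewhere the administrator did not intend.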


