From: "Chris Knight"
To: "'Greg 'groggy' Lehey'", "'Alexander Leidinger'"
Cc: freebsd-ports@FreeBSD.org, 'Kris Kennaway'
Date: Sat, 9 Aug 2003 12:11:43 +1000
Subject: RE: Ports scheduled for removal on Nov 7
Message-ID: <0e5301c35e1b$94d21630$020aa8c0@aims.private>
In-Reply-To: <20030809013542.GZ1741@wantadilla.lemis.com>
List-Id: Porting software to FreeBSD

Howdy,

> -----Original Message-----
> From: Greg 'groggy' Lehey
> Sent: Saturday, 9 August 2003 11:36
> To: Alexander Leidinger
> Cc: freebsd-ports@FreeBSD.org; chris@aims.com.au; Kris Kennaway
> Subject: Re: Ports scheduled for removal on Nov 7
>
>
> On Friday, 8 August 2003 at 12:42:44 +0200, Alexander
> Leidinger wrote:
> > On Thu, 7 Aug 2003 21:53:34 -0700
> > Kris Kennaway wrote:
> >
> >> The following ports are scheduled for removal on November 7 if they
> >> are still broken at that time and no PRs have been submitted to fix
> >
> >> databases/firebird firebird-1.0.2 chris@aims.com.au
> >> databases/firebird-devel firebird-1.0.r2 chris@aims.com.au
> >
> > I've marked them FORBIDDEN because of a posting on bugtraq. I've
> > talked with the maintainer and he explained that the developers
> > focus on the development of the next version and don't seem to be
> > interested in fixing this vulnerability.
>
> Are you sure that this vulnerability exists? bugtraq seems to be
> rather indiscriminate in its claims ("found in this version, all these
> others must have it too"). I've seen at least one case where we were
> about to throw out something (ghostview, I think) because of a library
> vulnerability on a different platform.
>

The vulnerability does exist. No bounds checking is done on the
environment variable and it is placed into a fixed length (1024)
array using strcat. Proof of concept code has been released for
FreeBSD 4.7. I've spent a bit of time on the exploit code, and with
some slight mods, it will affect Firebird 1.0, 1.0.2 and 1.0.3 on
FreeBSD 4.7 and FreeBSD 4.8.
I've got a fix which stops the exploit code from working. I plan on
tidying it up and committing it soonish.

> Greg
> --
> See complete headers for address and phone numbers
>

Regards,
Chris Knight
Systems Administrator
E-Easy
Tel: +61 3 6334 6664
Fax: +61 3 6331 7032
Mob: +61 419 528 795
Web: http://www.e-easy.com.au
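
The unchecked strcat pattern described in the message, beside a length-checked form, as an added example that is not part of the original post and is neither Firebird's code nor the fix mentioned above. The variable name EXAMPLE_ROOT, the suffix /data.db, the default path and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 1024                 /* fixed length named in the message */
#define DB_FILE  "/data.db"           /* constructed suffix, 8 characters */

/* Unchecked pattern: strcat() never compares lengths with PATH_BUF, so this
 * is only safe while strlen(root) + strlen(DB_FILE) < PATH_BUF. */
static void join_unchecked(char buf[PATH_BUF], const char *root)
{
    buf[0] = '\0';
    strcat(buf, root);
    strcat(buf, DB_FILE);
}

/* Checked form: measure first and reject oversized input instead of
 * truncating it. Returns 0 on success, -1 if the result would not fit. */
static int join_checked(char *buf, size_t bufsz, const char *root)
{
    size_t rl = strlen(root), fl = strlen(DB_FILE);
    if (rl >= bufsz || fl >= bufsz - rl)   /* subtraction cannot wrap */
        return -1;
    memcpy(buf, root, rl);
    memcpy(buf + rl, DB_FILE, fl + 1);     /* includes the terminating NUL */
    return 0;
}

static int try_root_len(size_t n)          /* constructed root of n 'A's */
{
    char buf[PATH_BUF], *root = calloc(n + 1, 1);
    int rc;
    if (root == NULL)
        return -2;
    memset(root, 'A', n);
    rc = join_checked(buf, sizeof buf, root);
    free(root);
    return rc;
}

int main(void)
{
    char buf[PATH_BUF];
    const char *root = getenv("EXAMPLE_ROOT");   /* hypothetical variable */
    join_unchecked(buf, "/short");               /* fits, so nothing breaks */
    if (join_checked(buf, sizeof buf, root ? root : "/usr/local/example") != 0)
        return 1;                                /* refuse oversized value */
    printf("%s\n", buf);
    return 0;
}
```

A root of 1015 characters is the largest that fits: 1015 + 8 + 1 terminating NUL fills the 1024-byte buffer exactly, and one more character is rejected.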