From owner-freebsd-ports Mon Mar 30 16:50:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA12828 for freebsd-ports-outgoing; Mon, 30 Mar 1998 16:50:14 -0800 (PST) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: (from gnats@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA12804; Mon, 30 Mar 1998 16:50:05 -0800 (PST) (envelope-from gnats) Received: from gras-varg.worldgate.com (marcs@gras-varg.worldgate.com [198.161.84.12]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA12447 for ; Mon, 30 Mar 1998 16:48:16 -0800 (PST) (envelope-from marcs@worldgate.com) Received: (from marcs@localhost) by gras-varg.worldgate.com (8.8.8/8.6.12) id RAA08244; Mon, 30 Mar 1998 17:48:14 -0700 (MST) Message-Id: <199803310048.RAA08244@gras-varg.worldgate.com> Date: Mon, 30 Mar 1998 17:48:14 -0700 (MST) From: marcs@znep.com Reply-To: marcs@znep.com To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: ports/6180: youbin port has root-exploitable security hole Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 6180 >Category: ports >Synopsis: youbin port has root-exploitable security hole >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Mar 30 16:50:01 PST 1998 >Last-Modified: >Originator: Marc Slemko >Organization: >Release: FreeBSD 2.2.6-STABLE i386 >Environment: youbin-2.13 port as of today. >Description: The "youbin" program is installed setuid root but it has a hole that is almost certainly exploitable. "youbin -s xxxxx" will normally cause a segmentation fault due to no bounds checking. The code does: [...] char server_name[MAXHOSTNAMELEN + 1]; /* Server name. */ [...] strcpy(server_name, optarg); without any checking. There are almost certainly more holes, I stopped looking after the first. >How-To-Repeat: >Fix: The port should be marked as broken or someone needs to go through it and fix all the holes. Just fixing this one is not enough. I have sent the authors a note about this. >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message