Date: 26 May 2000 17:48:51 -0000 From: flatline@area51.v-wave.com To: FreeBSD-gnats-submit@freebsd.org Subject: ports/18837: Exploit in Qpopper-2.53 from Ports Collection w/fix Message-ID: <20000526174851.99257.qmail@cmdmicro.com>
next in thread | raw e-mail | index | archive | help
>Number: 18837 >Category: ports >Synopsis: Vulnerability in Qpopper-2.53 from ports collection >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri May 26 10:50:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Chris Wasser >Release: FreeBSD 4.0-STABLE i386 >Organization: N/A >Environment: FreeBSD 4.0-STABLE >Description: Vulnerability found in Qpopper-2.53 from the ports collection. Source: Bugtraq More Information: http://b0f.freebsd.lublib.pl/ Credit: Prizm (prizm@resentment.org) Someone probably already beat me to the punch on this... >How-To-Repeat: Install /usr/ports/mail/popper >Fix: Fix as per bugtraq posting: --- pop_uidl.c Fri May 26 11:31:26 2000 +++ pop_uidl.c.new Fri May 26 11:35:20 2000 @@ -59,7 +59,7 @@ sprintf(buffer, "%d %s", msg_id, mp->uidl_str); if (nl = index(buffer, NEWLINE)) *nl = 0; - return (pop_msg (p,POP_SUCCESS, buffer)); + return (pop_msg (p, POP_SUCCESS, "%s", buffer)); } } else { /* yes, we can do this */ @@ -152,7 +152,7 @@ sprintf(buffer, "%d %s", msg_id, mp->uidl_str); if (nl = index(buffer, NEWLINE)) *nl = 0; sprintf(buffer, "%s %d %.128s", buffer, mp->length, from_hdr(p, mp)); - return (pop_msg (p,POP_SUCCESS, buffer)); + return (pop_msg (p, POP_SUCCESS, "%s", buffer)); } } else { /* yes, we can do this */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000526174851.99257.qmail>