From owner-freebsd-ports  Fri May 26 10:50: 8 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9FE1A37C069
	for <freebsd-ports@FreeBSD.org>; Fri, 26 May 2000 10:50:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id KAA26494;
	Fri, 26 May 2000 10:50:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from cmdmicro.com (deepthought.cmdmicro.com [24.108.89.29])
	by hub.freebsd.org (Postfix) with SMTP id 97B1C37C006
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 26 May 2000 10:48:37 -0700 (PDT)
	(envelope-from root@cmdmicro.com)
Received: (qmail 99258 invoked by uid 0); 26 May 2000 17:48:51 -0000
Message-Id: <20000526174851.99257.qmail@cmdmicro.com>
Date: 26 May 2000 17:48:51 -0000
From: flatline@area51.v-wave.com
Reply-To: flatline@area51.v-wave.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/18837: Exploit in Qpopper-2.53 from Ports Collection w/fix
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         18837
>Category:       ports
>Synopsis:       Vulnerability in Qpopper-2.53 from ports collection
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 26 10:50:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Chris Wasser
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
N/A
>Environment:

FreeBSD 4.0-STABLE

>Description:

Vulnerability found in Qpopper-2.53 from the ports collection.
Source: Bugtraq
More Information: http://b0f.freebsd.lublib.pl/
Credit: Prizm (prizm@resentment.org)

Someone probably already beat me to the punch on this...

>How-To-Repeat:

Install /usr/ports/mail/popper

>Fix:

Fix as per bugtraq posting:

--- pop_uidl.c	Fri May 26 11:31:26 2000
+++ pop_uidl.c.new	Fri May 26 11:35:20 2000
@@ -59,7 +59,7 @@
 
 	sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
         if (nl = index(buffer, NEWLINE)) *nl = 0;
-	return (pop_msg (p,POP_SUCCESS, buffer));
+	return (pop_msg (p, POP_SUCCESS, "%s", buffer));
       }
     } else {
 	/* yes, we can do this */
@@ -152,7 +152,7 @@
 	sprintf(buffer, "%d %s", msg_id, mp->uidl_str);
         if (nl = index(buffer, NEWLINE)) *nl = 0;
 	sprintf(buffer, "%s %d %.128s", buffer, mp->length, from_hdr(p, mp));
-	return (pop_msg (p,POP_SUCCESS, buffer));
+	return (pop_msg (p, POP_SUCCESS, "%s", buffer));
       }
     } else {
 	/* yes, we can do this */

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message