Date:      Sat, 28 Oct 2000 02:03:59 +0200
From:      Roman Shterenzon <roman@xpert.com>
To:        freebsd-security@freebsd.org
Subject:   [roman@xpert.com: Remote buffer overflow in gnomeicu 0.93]
Message-ID:  <20001028020359.A61199@alchemy.oven.org>

----- Forwarded message from Roman Shterenzon <roman@xpert.com> -----

Date: Sat, 28 Oct 2000 00:46:08 +0200
From: Roman Shterenzon <roman@xpert.com>
To: nectar@freebsd.org, ports@freebsd.org, jwise@pathwaynet.com
Subject: Remote buffer overflow in gnomeicu 0.93
User-Agent: Mutt/1.2.5i

Hi,

Yesterday, running sockstat, I noticed that openicu listens on TCP port 4000.
I was curious, so I fed it some zeroes from /dev/zero, and it crashed
like a charm. I suspect a buffer overflow, which may allow an intruder
to get a shell on the victim's machine.
Looking at the code suggests that the port can be chosen from the 4000-4100 range.
I believe it needs to be checked, and the port marked as FORBIDDEN meanwhile.
Sorry if it's a false alarm.

--
Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

----- End forwarded message -----
--
Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
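
An added example, not part of the original message or of gnomeicu: a shell function that reads `sockstat -4 -l` style output and lists TCP listeners in the 4000-4100 range mentioned in the report, noting whether each is bound to loopback only. The sample lines and the function names `sample_sockstat` and `flag_listeners` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of FreeBSD `sockstat -4 -l`.
# On a real host, replace `sample_sockstat` with `sockstat -4 -l`.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       201   3  tcp4   *:22                  *:*
roman    gnomeicu   612   7  tcp4   *:4000                *:*
roman    gnomeicu   612   8  udp4   *:4012                *:*
www      httpd      340   16 tcp4   127.0.0.1:4050        *:*
roman    xchat      700   5  tcp4   192.0.2.10:4101       *:*
EOF
}

# flag_listeners LOW HIGH
# Reads sockstat output on stdin and prints one line per TCP listener whose
# local port lies in [LOW, HIGH]: "command pid local-address scope".
# scope is "loopback" for sockets bound to 127.0.0.1, else "remote-reachable".
flag_listeners() {
    awk -v lo="$1" -v hi="$2" '
        NR == 1      { next }                 # skip the header row
        $5 !~ /^tcp/ { next }                 # the report concerns the TCP port
        {
            n = split($6, part, ":")          # port is the text after the last colon
            port = part[n] + 0
            if (port < lo || port > hi) next
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            scope = (addr == "127.0.0.1") ? "loopback" : "remote-reachable"
            print $2, $3, $6, scope
        }'
}

# Range taken from the message above.
sample_sockstat | flag_listeners 4000 4100
```
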

