From owner-freebsd-security Fri Oct 27 17: 3:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailgw3.netvision.net.il (mailgw3.netvision.net.il [194.90.1.11]) by hub.freebsd.org (Postfix) with ESMTP id 873DF37B479 for ; Fri, 27 Oct 2000 17:03:16 -0700 (PDT) Received: from alchemy.oven.org (ras1-p101.hfa.netvision.net.il [62.0.145.101]) by mailgw3.netvision.net.il (8.9.3/8.9.3) with ESMTP id CAA29205 for ; Sat, 28 Oct 2000 02:02:20 +0200 (IST) Received: (from mapc@localhost) by alchemy.oven.org (8.11.0/8.11.0) id e9S03xF61660 for freebsd-security@freebsd.org; Sat, 28 Oct 2000 02:03:59 +0200 (IST) (envelope-from mapc) Date: Sat, 28 Oct 2000 02:03:59 +0200 From: Roman Shterenzon To: freebsd-security@freebsd.org Subject: [roman@xpert.com: Remote buffer overflow in gnomeicu 0.93] Message-ID: <20001028020359.A61199@alchemy.oven.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ----- Forwarded message from Roman Shterenzon ----- Date: Sat, 28 Oct 2000 00:46:08 +0200 From: Roman Shterenzon To: nectar@freebsd.org, ports@freebsd.org, jwise@pathwaynet.com Subject: Remote buffer overflow in gnomeicu 0.93 User-Agent: Mutt/1.2.5i Hi, Yesterday, running sockstat I noticed that openicu listens on TCP port 4000. I was curious so I fed it with some zeroes from /dev/zero, and, it crashed like a charm. I'm suspecting buffer overflow which may allow an intruder to receive a shell on victim's machine. Looking at code advises that the port can be chosen from 4000-4100 range. I believe it needs to be checked and the port marked as FORBIDDEN meanwhile. Sorry if it's false alarm. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] ----- End forwarded message ----- --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message