From owner-freebsd-ports  Sun Oct 29  5:25:14 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from babylon.merseine.nu (c418236-a.clmba1.mo.home.com [24.12.203.134])
	by hub.freebsd.org (Postfix) with ESMTP id 72AE837B4C5
	for <ports@FreeBSD.ORG>; Sun, 29 Oct 2000 05:25:11 -0800 (PST)
Received: (from ishmael@localhost)
	by babylon.merseine.nu (8.11.1/8.11.1) id e9TDPe889684;
	Sun, 29 Oct 2000 07:25:40 -0600 (CST)
	(envelope-from ishmael)
Date: Sun, 29 Oct 2000 07:25:40 -0600
From: Jeremy Norris <ishmael27@home.com>
To: Roman Shterenzon <roman@xpert.com>
Cc: ports@FreeBSD.ORG
Subject: Re: Remote buffer overflow in gnomeicu 0.93
Message-ID: <20001029072540.A89648@babylon.merseine.nu>
References: <20001028161730.A86612@babylon.merseine.nu> <Pine.LNX.4.10.10010290137230.25903-100000@jamus.xpert.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.10.10010290137230.25903-100000@jamus.xpert.com>; from roman@xpert.com on Sun, Oct 29, 2000 at 01:38:30AM +0200
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Gnomeicu doesn't run with any privelege however, unless one is foolish enough
to run it as root. At worse, a deviant person could crash it and gain access as
an unprivleged user. Is thate enough to make a port FORBIDDEN?

Jeremy

On Sun, Oct 29, 2000 at 01:38:30AM +0200, Roman Shterenzon wrote:
> On Sat, 28 Oct 2000, Jeremy Norris wrote:
> 
> > I would think this would be a problem with all icq clients, since icq opens up
> > a tcp port by default. Gnomeicu at least, however, lets you pick what port.
> > 
> > Jeremy
> But, gnomeicu is the only one I've seen that crashes when sent too much
> data on that port.
> That's security breach.
> 
> > On Sat, Oct 28, 2000 at 12:46:08AM +0200, Roman Shterenzon wrote:
> > > Hi,
> > > 
> > > Yesterday, running sockstat I noticed that openicu listens on TCP port 4000.
> > > I was curious so I fed it with some zeroes from /dev/zero, and, it crashed
> > > like a charm. I'm suspecting buffer overflow which may allow an intruder
> > > to receive a shell on victim's machine.
> > > Looking at code advises that the port can be chosen from 4000-4100 range.
> > > I believe it needs to be checked and the port marked as FORBIDDEN meanwhile.
> > > Sorry if it's false alarm.
> > > 
> > > --Roman Shterenzon, UNIX System Administrator and Consultant
> > > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
> > > 
> > > 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-ports" in the body of the message
> > 
> 
> --Roman Shterenzon, UNIX System Administrator and Consultant
> [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ports" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message