Date:      Thu, 21 Dec 2000 11:15:24 +0900 (KST)
From:      hollywar@holywar.net
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/23703: Update korean/bitchx for security reason
Message-ID:  <200012210215.eBL2FO810120@alamis.holywar.net>
Resent-Message-ID: <200012210220.eBL2K2O36759@freefall.freebsd.org>


>Number:         23703
>Category:       ports
>Synopsis:       Update korean/bitchx for security reason
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 20 18:20:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     JunSeon Oh
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
holynet
>Environment:

bitchx allows remote code execution

>Description:

The bitchx port, versions prior to 1.0c17_1, contains a remote
vulnerability.  Through a stack overflow in the DNS parsing code, a
malicious remote user in control of their reverse DNS records may
crash a bitchx session, or cause arbitrary code to be executed by the
user running bitchx.

>How-To-Repeat:

Please add this patch to korean/bitchx/files/patch-al

>Fix:


--- source/misc.c.orig	Tue Jul  4 18:01:52 2000
+++ source/misc.c	Thu Dec 21 11:03:09 2000
@@ -2427,6 +2427,8 @@
 		switch(type)
 		{
 		case T_A :
+			if (dlen != sizeof(struct in_addr))
+				return 0; 
 			rptr->re_he.h_length = dlen;
 			if (ans == 1)
 				rptr->re_he.h_addrtype=(class == C_IN) ?
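Review bot: The new length check under `case T_A` returns 0 on the first A record whose `dlen` is not `sizeof(struct in_addr)`, but nothing in the visible lines says what a 0 return means to the caller or what becomes of data already stored in `rptr->re_he` from earlier records. Please add a comment stating that contract, or skip only the malformed record if partial results are acceptable. The check also covers T_A alone; the other cases of this switch that consume `dlen` are not visible in this hunk and should be confirmed to bound it before copying. Minor: the `return 0; ` line carries trailing whitespace.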
@@ -2473,6 +2475,7 @@
 			*alias = NULL;
 			break;
 		default :
+			cp += dlen ;
 			break;
 		}
 	}
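Review bot: In the `default` case, `cp += dlen ;` advances the parse pointer by a length taken from the reply, with no visible check that the result stays inside the received buffer, so a record of an unhandled type with an oversized `dlen` would leave `cp` past the end of the data for the next pass. Suggest comparing `dlen` against the bytes remaining in the reply before advancing, and returning an error when it does not fit. Style: drop the space before the semicolon.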


>Release-Note:
>Audit-Trail:
>Unformatted:

