Date: Mon, 30 Mar 1998 17:48:14 -0700 (MST) From: marcs@znep.com To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: ports/6180: youbin port has root-exploitable security hole Message-ID: <199803310048.RAA08244@gras-varg.worldgate.com>
next in thread | raw e-mail | index | archive | help
>Number: 6180
>Category: ports
>Synopsis: youbin port has root-exploitable security hole
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 30 16:50:01 PST 1998
>Last-Modified:
>Originator: Marc Slemko
>Organization:
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
youbin-2.13 port as of today.
>Description:
The "youbin" program is installed setuid root but it has a hole that
is almost certainly exploitable.
"youbin -s xxxxx<many x's>" will normally cause a segmentation fault
due to no bounds checking.
The code does:
[...]
char server_name[MAXHOSTNAMELEN + 1]; /* Server name. */
[...]
strcpy(server_name, optarg);
without any checking. There are almost certainly more holes, I
stopped looking after the first.
>How-To-Repeat:
>Fix:
The port should be marked as broken or someone needs to go through it
and fix all the holes. Just fixing this one is not enough.
I have sent the authors a note about this.
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199803310048.RAA08244>