Date: Fri, 26 Aug 2011 11:17:56 -0700 From: Xin LI <delphij@delphij.net> Cc: freebsd-bugs@FreeBSD.org, roam@FreeBSD.org Subject: Re: ports/160218: security/stunnel is vulnerable to CVE-2011-2940 Message-ID: <4E57E354.6070003@delphij.net> In-Reply-To: <201108261742.p7QHg6iG099719@freefall.freebsd.org> References: <201108261742.p7QHg6iG099719@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------080300040206010504010108 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Here is a patch (tested with basic tinderboxing). This seems to be a DoS but no remote privilege escalation. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBCAAGBQJOV+NUAAoJEATO+BI/yjfBJZAH/jGDuaBRoSIo2P4Ja7/E2Hj2 Ja54pMF9gwedGovIWF5PkdE4wL37AJkh632w7NUJtT08ensyousJqY2PSf9ZoEJe Dc7M2qqJt337gWN0bMdPOtdtmBzES6kPWIuBkatd7UY8xq4tZUpqWOF0iCPREC4a 7ADhf8PYyloBaYtVy3Ulfh12XBmxAU9PpoeMrxgtkuxR6ge4HbsL08NeBcCiLn+s IEaRnHlul+PTBcqc3JrC3yqtm8beI9lO6Us74fkf+/zUOw7NRJzdNcP9gHuP6fIF 5MCtoN87d+R4TygYjAgbDH8smC349vBDHTkVdTZXbqTabOiiRndjf104Cqld3x8= =ueFt -----END PGP SIGNATURE----- --------------080300040206010504010108 Content-Type: text/plain; name="stunnel.diff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="stunnel.diff" SW5kZXg6IE1ha2VmaWxlCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC9ob21lL25jdnMvcG9y dHMvc2VjdXJpdHkvc3R1bm5lbC9NYWtlZmlsZSx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS4x MDMKZGlmZiAtdSAtcCAtcjEuMTAzIE1ha2VmaWxlCi0tLSBNYWtlZmlsZQkxIEF1ZyAyMDEx IDE0OjQ3OjQzIC0wMDAwCTEuMTAzCisrKyBNYWtlZmlsZQkyNiBBdWcgMjAxMSAxODoxMzoz NyAtMDAwMApAQCAtNiw3ICs2LDcgQEAKICMKIAogUE9SVE5BTUU9CXN0dW5uZWwKLVBPUlRW RVJTSU9OPQk0LjQxCitQT1JUVkVSU0lPTj0JNC40MgogQ0FURUdPUklFUz0Jc2VjdXJpdHkK IE1BU1RFUl9TSVRFUz0JZnRwOi8vZnRwLnN0dW5uZWwub3JnL3N0dW5uZWwvJVNVQkRJUiUv IFwKIAkJaHR0cDovL21pcnJvcnMuemVyZy5iaXovc3R1bm5lbC8lU1VCRElSJS8gXApJbmRl eDogZGlzdGluZm8KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2hvbWUvbmN2cy9wb3J0cy9z ZWN1cml0eS9zdHVubmVsL2Rpc3RpbmZvLHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjU4CmRp ZmYgLXUgLXAgLXIxLjU4IGRpc3RpbmZvCi0tLSBkaXN0aW5mbwkxIEF1ZyAyMDExIDE0OjQ3 OjQzIC0wMDAwCTEuNTgKKysrIGRpc3RpbmZvCTI2IEF1ZyAyMDExIDE4OjEzOjQ4IC0wMDAw CkBAIC0xLDIgKzEsMiBAQAotU0hBMjU2IChzdHVubmVsLTQuNDEudGFyLmd6KSA9IDA4ZTBl N2RmNDJiZmI4Yjg1NTFlYjZjNGI1YjUwZWFlNjA1MWFhZjc1MDc3MTAxZDcyOWU2N2M3YTNh MDBjNzIKLVNJWkUgKHN0dW5uZWwtNC40MS50YXIuZ3opID0gNTU3NDY3CitTSEEyNTYgKHN0 dW5uZWwtNC40Mi50YXIuZ3opID0gZDMzYzQwN2JmYzRmNTgwNzBlODE4MDgxYmQwODJjMzhm OTFjYWI3NjkxY2NiYjc5NGRhNjMxNDNjNTM1ZGUzYgorU0laRSAoc3R1bm5lbC00LjQyLnRh ci5neikgPSA1NTgzOTEK --------------080300040206010504010108--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E57E354.6070003>