From owner-freebsd-ports Sat Oct 28 14:17: 7 2000 Delivered-To: freebsd-ports@freebsd.org Received: from babylon.merseine.nu (c418236-a.clmba1.mo.home.com [24.12.203.134]) by hub.freebsd.org (Postfix) with ESMTP id 307D237B4C5 for ; Sat, 28 Oct 2000 14:17:05 -0700 (PDT) Received: (from ishmael@localhost) by babylon.merseine.nu (8.11.1/8.11.1) id e9SLHU986696; Sat, 28 Oct 2000 16:17:30 -0500 (CDT) (envelope-from ishmael) Date: Sat, 28 Oct 2000 16:17:30 -0500 From: Jeremy Norris To: Roman Shterenzon Cc: ports@FreeBSD.ORG Subject: Re: Remote buffer overflow in gnomeicu 0.93 Message-ID: <20001028161730.A86612@babylon.merseine.nu> References: <20001028004608.A61058@alchemy.oven.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001028004608.A61058@alchemy.oven.org>; from roman@xpert.com on Sat, Oct 28, 2000 at 12:46:08AM +0200 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I would think this would be a problem with all icq clients, since icq opens up a tcp port by default. Gnomeicu at least, however, lets you pick what port. Jeremy On Sat, Oct 28, 2000 at 12:46:08AM +0200, Roman Shterenzon wrote: > Hi, > > Yesterday, running sockstat I noticed that openicu listens on TCP port 4000. > I was curious so I fed it with some zeroes from /dev/zero, and, it crashed > like a charm. I'm suspecting buffer overflow which may allow an intruder > to receive a shell on victim's machine. > Looking at code advises that the port can be chosen from 4000-4100 range. > I believe it needs to be checked and the port marked as FORBIDDEN meanwhile. > Sorry if it's false alarm. > > --Roman Shterenzon, UNIX System Administrator and Consultant > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ports" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message