Date: Thu, 26 Jan 2006 13:46:56 +0200 From: "Ion-Mihai "IOnut" Tetcu" <itetcu@people.tecnik93.com> To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org> Subject: ports/92359: [MAINTAINER] net-im/kpopup: FORBIDDEN (local root exploit); contains the VuXML entry Message-ID: <1138276016.43542@it.buh.tecnik93.com> Resent-Message-ID: <200601261150.k0QBoAud099590@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 92359
>Category: ports
>Synopsis: [MAINTAINER] net-im/kpopup: FORBIDDEN (local root exploit); contains the VuXML entry
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 26 11:50:09 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Ion-Mihai "IOnut" Tetcu
>Release: FreeBSD 6.0-STABLE i386
>Organization:
Tecnik'93
>Environment:
System: FreeBSD 6.0-STABLE #1: Mon Jan 23 00:45:10 EET 2006
>Description:
Mark FORBIDDEN due to local root exploit and local denial of service until I
have time to upgrade it.
The VuXML diff is attached.
Drop USE_REINPLACE while I'm here.
>How-To-Repeat:
>Fix:
--- kpopup.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/net-im/kpopup/Makefile,v
retrieving revision 1.1.1.2
retrieving revision 1.6
diff -u -r1.1.1.2 -r1.6
--- Makefile 26 Jan 2006 11:32:02 -0000 1.1.1.2
+++ Makefile 26 Jan 2006 11:36:07 -0000 1.6
@@ -4,7 +4,7 @@
#
# $FreeBSD: ports/net-im/kpopup/Makefile,v 1.10 2006/01/26 10:34:27 garga Exp $
#
-# $Tecnik: ports/net-im/kpopup/Makefile,v 1.2 2006/01/25 23:29:03 itetcu Exp $
+# $Tecnik: ports/net-im/kpopup/Makefile,v 1.6 2006/01/26 11:36:07 itetcu Exp $
#
PORTNAME= kpopup
@@ -18,11 +18,12 @@
RUN_DEPENDS= smbclient:${PORTSDIR}/net/samba
+FORBIDDEN= http://vuxml.freebsd.org/1613db79-8e52-11da-8426-000fea0a9611.html
+
USE_KDELIBS_VER=3
USE_GMAKE= yes
GNU_CONFIGURE= yes
CONFIGURE_TARGET=
-USE_REINPLACE= yes
post-patch:
@${REINPLACE_CMD} -e 's,malloc.h,stdlib.h,' ${WRKSRC}/kpopup/misc.cpp \
--- kpopup.diff ends here ---
--- vuln.xml.diff begins here ---
--- vuln.xml.cvs Thu Jan 26 11:40:13 2006
+++ vuln.xml Thu Jan 26 12:44:27 2006
@@ -34,6 +34,43 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+ <vuln vid="1613db79-8e52-11da-8426-000fea0a9611">
+ <topic> kpopup -- local root exploit and local denial of service</topic>
+ <affects>
+ <package>
+ <name>kpopup</name>
+ <range><ge>0.9.1</ge><le>0.9.5</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">;
+ <p>Mitre CVE reports:</p>
+ <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1170">;
+ <p>Format string vulnerability in main.cpp in kpopup 0.9.1-0.9.5pre2
+ allows local users to cause a denial of service (segmentation fault)
+ and possibly execute arbitrary code via format string specifiers in
+ command line arguments.
+ misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall,
+ which allows local users to elevate their privileges by modifying the
+ PATH variable to reference a malicious killall program.
+ SecurityFocus credits "b0f" b0fnet@yahoo.com</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2003-1170</cvename>
+ <bid>8918</bid>
+ <cvename>CVE-2003-1167</cvename>
+ <bid>8915</bid>
+ <url>http://www.securityfocus.com/archive/1/342736</url>;
+ <url>http://www.henschelsoft.de/kpopup_en.html</url>;
+ </references>
+ <dates>
+ <discovery>2003-10-28</discovery>
+ <entry>2006-01-26</entry>
+ </dates>
+ </vuln>
+
<vuln vid="57a0242d-8c4e-11da-8ddf-000ae42e9b93">
<topic>sge -- local root exploit in bundled rsh executable</topic>
<affects>
--- vuln.xml.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1138276016.43542>