Date: 30 Jan 2001 10:49:52 -0000
From: venglin@freebsd.lublin.pl
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/24733: mars_nwe remote format string vulnerability
Message-ID: <20010130104952.17913.qmail@riget.scene.pl>
>Number: 24733
>Category: ports
>Synopsis: mars_nwe remote format string vulnerability
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 30 03:00:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: FreeBSD 4.2-STABLE i386
>Organization: ISMEDIA
>Environment: /usr/ports/net/mars_nwe/ as of 30 Jan 2001
>Description: mars_nwe contains a remote format string vulnerability, allowing superuser privileges to be gained from a DOS/Windows workstation. The author of Mars was notified, but didn't release any official patches yet.
>How-To-Repeat: Fully exploitable, but no working exploits yet.
>Fix: Incorporate the following patch into the ports collection, issue an advisory.
--- mars_nwe/tools.c.orig Fri Jan 26 22:46:34 2001 +++ mars_nwe/tools.c Fri Jan 26 22:46:59 2001 @@ -189,7 +189,7 @@ sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence); openlog(identstr, LOG_CONS, LOG_DAEMON); - syslog(LOG_DEBUG, buf); + syslog(LOG_DEBUG, "%s", buf); closelog(); } else { int l=strlen(buf); @@ -249,7 +249,7 @@ } sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence); openlog(identstr, LOG_CONS, LOG_DAEMON); - syslog(prio, buf); + syslog(prio, "%s", buf); closelog(); if (!mode) return; lologfile=stderr;
>Release-Note:
>Audit-Trail:
>Unformatted:
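Review bot: in the hunk at @@ -189,7, the else branch that begins at `int l=strlen(buf);` is cut off by the context, so it is not visible whether the non-syslog logging path also passes buf to a printf-style function as the format argument. Please confirm that path writes buf as data (fwrite or fputs, or a literal "%s" format); if it does not, it needs the same `"%s"` change as the syslog(LOG_DEBUG, ...) call.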
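Review bot: in the hunk at @@ -249,7, the context line `sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence);` writes into identstr with no length bound, and neither the size of identstr nor the maximum length of get_debstr(0) is visible in these lines. Suggest snprintf(identstr, sizeof(identstr), ...) here, assuming identstr is an array in scope. The same sprintf/openlog/syslog/closelog sequence also appears in the -189,7 hunk, so moving it into one helper would keep both call sites fixed together.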