Date: Fri, 28 Mar 2003 12:30:25 +1030 From: Greg 'groggy' Lehey <grog@FreeBSD.org> To: Kris Kennaway <kris@obsecurity.org> Cc: dbader@eece.unm.edu Subject: Re: FORBIDDEN ports scheduled for removal Message-ID: <20030328020025.GN72254@wantadilla.lemis.com> In-Reply-To: <20030328014146.GK72254@wantadilla.lemis.com> References: <20030328013119.GA17944@rot13.obsecurity.org> <20030328014146.GK72254@wantadilla.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--E0h0CbphJD8hN+Gf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Friday, 28 March 2003 at 12:11:46 +1030, Greg 'groggy' Lehey wrote: > On Thursday, 27 March 2003 at 17:31:19 -0800, Kris Kennaway wrote: >> Dear Port Maintainers, >> >> The following ports have been marked FORBIDDEN for at least 4 months >> and are scheduled for removal after May 1 2003. Please check for any >> updates to your ports and/or discuss the vulnerabilities with the >> developers. If I do not hear anything from you before May 1 these >> ports will be removed as scheduled. >> >> print/ghostview > > I wouldn't be happy to see this one go. If I could find the Bugtraq > report, I'd take a look at fixing it. OK, found it at http://www.securityfocus.com/bid/5808. Discussion says: gv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems. It has been reported that an insecure sscanf() function exists in gv. Due to this function, an attacker may be able to put malicious code in the %%PageOrder: portion of a file. When this malicious file is opened with gv, the code would be executed in the security context of the local user. Note that this refers to gv, not ghostview. It's also incorrect with ghostview 1.5. The binary doesn't contain a sscanf() function. I've tried the exploit, and it didn't work. I'll check further, but I think this one can be allowed again. Greg -- See complete headers for address and phone numbers --E0h0CbphJD8hN+Gf Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (FreeBSD) iD8DBQE+g6y5IubykFB6QiMRAqR3AKCyNk1i8g5x6z+t+mReZs3Bk4bhvQCgnThu 4EFpPsj4brluh4n8hZem7fk= =XtSb -----END PGP SIGNATURE----- --E0h0CbphJD8hN+Gf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030328020025.GN72254>