ports/106594: ftp/tnftpd - fix critical bug
Sergey N. Voronkov
serg at tmn.ru
Mon Dec 11 04:30:07 UTC 2006
>Number: 106594
>Category: ports
>Synopsis: ftp/tnftpd - fix critical bug
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 11 04:30:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Sergey N. Voronkov
>Release: FreeBSD 6.2-RC1 i386
>Organization:
Sibitex Ltd.
>Environment:
System: FreeBSD sv.tech.sibitex.tmn.ru 6.2-RC1 FreeBSD 6.2-RC1 #1: Fri Dec 8 12:12:23 YEKT 2006 serg at sv.tech.sibitex.tmn.ru:/usr/obj/usr/src/sys/SV i386
>Description:
Fix a root exploit:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051009.html
>How-To-Repeat:
See above URL.
>Fix:
diff -ruN tnftpd.orig/Makefile tnftpd/Makefile
--- tnftpd.orig/Makefile Sun May 7 17:09:21 2006
+++ tnftpd/Makefile Mon Dec 11 09:16:48 2006
@@ -7,6 +7,7 @@
PORTNAME= tnftpd
PORTVERSION= 20040810
+PORTREVISION= 1
CATEGORIES= ftp ipv6
MASTER_SITES= ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/
diff -ruN tnftpd.orig/files/patch-libnetbsd-glob.c
tnftpd/files/patch-libnetbsd-glob.c
--- tnftpd.orig/files/patch-libnetbsd-glob.c Thu Jan 1 05:00:00 1970
+++ tnftpd/files/patch-libnetbsd-glob.c Mon Dec 11 09:16:19 2006
@@ -0,0 +1,13 @@
+--- libnetbsd/glob.c-orig Mon Dec 11 09:13:10 2006
++++ libnetbsd/glob.c Mon Dec 11 09:14:16 2006
+@@ -497,7 +497,9 @@
+ * we save one character so that we can use ptr >= limit,
+ * in the general case when we are appending non nul chars only.
+ */
+- return(glob2(pathbuf, pathbuf, pathbuf + sizeof(pathbuf) - 1,
pattern,
++ return(glob2(pathbuf, pathbuf,
++ pathbuf + (sizeof(pathbuf) / sizeof(*pathbuf)) - 1,
++ pattern,
+ pglob, limit));
+ }
+
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list