[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-devel:12279] possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)

From: Fumitoshi UKAI <ukai@debian.or.jp>
Subject: [debian-devel:12279] possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Date: Tue, 9 May 2000 23:51:45 +0900
Organization: Debian JP Project
X-ml-info: If you have a question, send a mail with the body "# help" (without quotes) to the address debian-devel-ctl@debian.or.jp; help=<mailto:debian-devel-ctl@debian.or.jp?body=help>
X-ml-name: debian-devel
X-mlserver: fml [fml 2.2]; post only (only members can post)
Message-id: <87ya5jlqrj.wl@xxxxxxxxxxxxxxx>
X-mail-count: 12279
User-agent: Wanderlust/2.2.15 (More Than Words) EMIKO/1.13.9 (Euglena tripteris) FLIM/1.13.2 (Kasanui) APEL/10.2 Emacs/20.6 (i386-debian-linux-gnu) MULE/4.0 (HANANOEN)

At Mon, 8 May 2000 13:46:09 +0900,
NOKUBI Takatsugu <knok@xxxxxxxxxxxxx> wrote:
 
>   BUGTRAQ-JP の以下の記事にて、kon2 の buffer overflow が指摘されました。
> http://www.securityfocus.com/templates/archive.pike?list=79&date=2000-05-01&msg=3914CB13276.23FASHADOWPENGUIN@xxxxxxxxxxxxxxxxxxxxxx
> 
>   既に喜瀬さんがメンテナのむつみさんと BTS に報告をしていて、現在対処
> 中だそうですが、利用者は日本語圏での方がずっと多いと思われるので、こち
> らでも advisory を出した方が良いと思います。

ふと思いたって JP Packages (potato-jp)で setuid されてるものを
ちょっと見てみました。

suidregisterで rootに setuid してるのは、dviout と tcb なんですが、
どちらもsprintf(), strcpy(), strcat(), scanf()など危険な関数を
使ってますね。詳細に確認すべきだと思います。

ざっと見て直観ですが、
 dvioutのsprintf()は data sectionなのでそんなにあぶなくなさそう?
 strcpy()、strcat()もほとんどは大丈夫?
 linux.drvのsscanf()の vmode.type は writable な領域なんだろうか?

 tcbは sprintf(),strcpy(),strcat()がいっぱいあってなんか危険なかんじ。
 sscanf()はおおむね大丈夫?
というかんじです。

後は daemon系のパッケージもチェックすべきですね。

PS.
あと tcb は depends: man-db-ja ですね。これは不要(というか
むしろ recommends: か suggests: 程度?)のような…
-- 
鵜飼文敏

Follow-Ups:
- [debian-devel:12280] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
  - From: GOTO Masanori

Prev by Date: [debian-devel:12278] Re: (draft) [SECURITY] New version ofkon2released
Next by Date: [debian-devel:12280] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Previous by thread: [debian-devel:12275] Unanswered problem reports by maintainer and package
Next by thread: [debian-devel:12280] Re: possible vulnerability (buffer overflow) in JP Packages? (Re: (draft) [SECURITY] New version of kon2 released)
Index(es):
- Date
- Thread