From: Przemyslaw Frasunek (venglinFREEBSD.LUBLIN.PL)
Date: Fri Jan 26 2001 - 15:55:19 CST

    Hello,

    Mars_nwe 0.99.pl19 is vulnerable to a remote format string vulnerability,
    allowing superuser privileges to be gained from DOS/Windows workstations
    attached to the mars server.

    Here is the patch:

    --- tools.c.orig Fri Jan 26 22:46:34 2001
    +++ tools.c Fri Jan 26 22:46:59 2001
    -189,7 +189,7
             sprintf(identstr, "%s %d %3d", get_debstr(0),
                                act_connection, act_ncpsequence);
             openlog(identstr, LOG_CONS, LOG_DAEMON);
    - syslog(LOG_DEBUG, buf);
    + syslog(LOG_DEBUG, "%s", buf);
             closelog();
           } else {
             int l=strlen(buf);
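
Review bot: The context line `sprintf(identstr, "%s %d %3d", get_debstr(0), ...)` at the top of this hunk still writes into identstr with no length bound, and neither the size of identstr nor the length of the string returned by get_debstr(0) is visible here. Consider a bounded call such as `snprintf(identstr, sizeof(identstr), ...)` (assuming identstr is an array in scope) while this code is being touched. The change to `syslog(LOG_DEBUG, "%s", buf);` is the right fix for the call itself, since buf is then passed as data and never parsed as a format.
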
    -249,7 +249,7
         }
         sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence);
         openlog(identstr, LOG_CONS, LOG_DAEMON);
    - syslog(prio, buf);
    + syslog(prio, "%s", buf);
         closelog();
         if (!mode) return;
         lologfile=stderr;
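
Review bot: After `if (!mode) return;` the function falls through to `lologfile=stderr;`, and whatever writes buf to lologfile lies outside this hunk, so please confirm that path also uses a constant format string and does not pass buf as the format; this patch only covers the two syslog calls. The openlog/syslog/closelog sequence here also duplicates the one in the hunk at line 189, and a single helper taking the priority and the message would keep the `"%s"` format in one place.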

    --
    * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
    * Inet: przemyslawfrasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *