lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030804145256.32c74fd5.list@hardlined.com>
From: list at hardlined.com (Shanphen Dawa)
Subject: off-by-one error in realpath(3)

>From the OpenBSD Security List:

An off-by-one error exists in the C library function realpath(3).
This is the same bug that was recently found in the wu-ftpd ftpd
server by Janusz Niewiadomski and Janusz Niewiadomski.

The OpenBSD ftp daemon does not use realpath(3) in a way that could
be exploited, however a number of other system binaries also use
the function.  It is not currently known whether or not this bug
results in an exploitable security hole on OpenBSD.  Since the bug
led to an exploitable hole in wu-ftpd, it is entirely possible that
some program using realpath(3) under OpenBSD may be vulnerable to
attack.  For OpenBSD 3.3 and higher, the ProPolice stack protector
should provide some protection from this bug, but this cannot be
guaranteed.

This bug has been fixed in OpenBSD-current as well as the 3.2 and
3.3 stable branches.  Patches are available for OpenBSD 3.2 and 3.3.

Patch for OpenBSD 3.2:
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.2/common/015_realpath.patch

Patch for OpenBSD 3.3:
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch

For versions of OpenBSD prior to 3.2, users may simply fetch
the current revision of realpath.c from:
    ftp://ftp.OpenBSD.org/pub/OpenBSD/src/lib/libc/stdlib/realpath.c
then rebuild and install libc with the new realpath.c.

For more details, see the description of the wu-ftpd fp_realpath bug:
    http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030804/8749f0f9/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ