Message-ID: <BAY8-F6ekGaLVMoROmq0001b5d6@hotmail.com>
From: downbload at hotmail.com (DownBload / Illegal Instruction Labs)
Subject: LOL, stupid calife maintainer - this can't be true

Hi,

This can't be true...
Imagine this - there is one programmer who doesn't know how to write 
secure code (in fact, there are many of them, but I will give you just one 
example).
He doesn't know anything about security, so he decided to write a suid-root 
application (good choice).
Name of that app. is calife (http://www.freshports.org/security/calife/).
Name of that "programmer" is  Ollivier Robert.
After a few minutes of code audit, I found a simple-plain-stupid strcpy() in 
authentication process (check vuln-description here: 
http://www.securityfocus.com/archive/1/355510/2004-02-25/2004-03-02/0).
I didn't contact him before bugtraq and now he is mad at me...and he said 
this:

roberto:
-------------------------------------------------------------------------------------
Fix a potential security problem on Linux/glibc whose getpass(3) apparently
fails with very long passwords leading to a segfault. It may be exploitable.

FreeBSD is *not* vulnerable.

No thanks to: the jerk who posted on bugtraq w/o mailing me beforehand.
-------------------------------------------------------------------------------------

STFU!!!
That isn't a linux glibc security problem, there is nothing wrong with 
getpass().
DON'T BLAME LINUX GLIBC FOR YOUR LAME PROGRAMMING AND LACK OF SECURITY 
KNOWLEDGE.
BTW: I wouldn't allow you to code even a hello world program.

Vulnerable code ("glibc problem" ;-) ->
/root/calife-2.8.4c/db.c
------------------------
        ...
        char    got_pass = 0;
        char    * pt_pass, * pt_enc,
                * user_pass, * enc_pass, salt [10];

        user_pass = (char *) xalloc (l_size);
        enc_pass = (char *) xalloc (l_size);
        ...
        for ( i = 0; i < 3; i ++ )
        {
            pt_pass = (char *) getpass ("Password:");
            memset (user_pass, '\0', l_size);
            strcpy (user_pass, pt_pass); // <- BAD CODE
            pt_enc = (char *) crypt (user_pass, calife->pw_passwd);
            memset (enc_pass, '\0', l_size);
            strcpy (enc_pass, pt_enc);
        }
        ...
        free (user_pass);    // <-  FUN CODE ;-)
        free (enc_pass);     // <-  FUN CODE ;-)
        ...

------------------------


My advice - DON'T USE CALIFE - it is VERY buggy - use sudo or super instead.

Bye.

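Added example, not part of the original post and not calife's code: one pass of the loop quoted above with both strcpy() calls replaced by a length-checked copy that rejects over-long input instead of truncating it. L_SIZE, bounded_copy() and store_attempt() are hypothetical names, the buffer size is assumed (the post does not show l_size), and the getpass() and crypt() results are passed in as arguments so the block runs without a terminal or libcrypt.

```c
#include <stdio.h>
#include <string.h>

#define L_SIZE 64   /* assumed; the post does not show the value of l_size */

/* Copy src into dst only if it fits with its terminator. Over-long input is
 * rejected, not truncated, so a prefix is never checked as the password. */
static int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    const char *end;

    memset(dst, '\0', dst_size);
    if (src == NULL)
        return -1;
    end = memchr(src, '\0', dst_size);   /* scans at most dst_size bytes */
    if (end == NULL)
        return -1;                       /* no terminator within the buffer size */
    memcpy(dst, src, (size_t)(end - src));
    return 0;
}

/* typed models the getpass() result, hashed the crypt() result (NULL on
 * failure). Returns 0 if both were stored, -1 with both buffers cleared. */
int store_attempt(char *user_pass, char *enc_pass, size_t size,
                  const char *typed, const char *hashed)
{
    if (user_pass == NULL || enc_pass == NULL || size == 0)
        return -1;
    if (bounded_copy(user_pass, size, typed) != 0 ||
        bounded_copy(enc_pass, size, hashed) != 0) {
        memset(user_pass, '\0', size);
        memset(enc_pass, '\0', size);
        return -1;
    }
    return 0;
}

int main(void)
{
    char user_pass[L_SIZE], enc_pass[L_SIZE], long_pw[4 * L_SIZE];

    /* Constructed inputs: one ordinary password, one far longer than L_SIZE. */
    memset(long_pw, 'A', sizeof long_pw - 1);
    long_pw[sizeof long_pw - 1] = '\0';
    printf("short: %d\n", store_attempt(user_pass, enc_pass, L_SIZE, "secret", "constructed-hash"));
    printf("long:  %d\n", store_attempt(user_pass, enc_pass, L_SIZE, long_pw, "constructed-hash"));
    return 0;
}
```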

