|
Vulnerability mars_nwe Affected mars_nwe 0.99pl19 Description Przemyslaw Frasunek posted following. Mars_nwe 0.99.pl19 is vulnerable to remote format string vulnerability, allowing to gain superuser privileges from DOS/Windows workstations attached to mars server. Solution Here is the patch: --- tools.c.orig Fri Jan 26 22:46:34 2001 +++ tools.c Fri Jan 26 22:46:59 2001 @@ -189,7 +189,7 @@ sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence); openlog(identstr, LOG_CONS, LOG_DAEMON); - syslog(LOG_DEBUG, buf); + syslog(LOG_DEBUG, "%s", buf); closelog(); } else { int l=strlen(buf); @@ -249,7 +249,7 @@ } sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence); openlog(identstr, LOG_CONS, LOG_DAEMON); - syslog(prio, buf); + syslog(prio, "%s", buf); closelog(); if (!mode) return; lologfile=stderr; For FreeBSD: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mars_nwe-0.99.b19_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mars_nwe-0.99.b19_1.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mars_nwe-0.99.b19_1.tgz