[FreeVMS] Potential Security Bugs in Freevms

Roar Thronæs roart at nvg.ntnu.no
Wed May 16 10:04:23 CEST 2007


On Mon, May 14, 2007 at 09:12:10AM +0200, BERTRAND Joël wrote:
> george john wrote:
> > 1.
> > 
> > /backup/src/vmsbackup.c 241 gets()
> > 
> >  Does not check for buffer overflows.
> 
> 	This patch should fix this buffer overflow.

Thanks, I will apply this one.

> > 2.
> > 
> > /cmuip/ipacp/src/nfs.c : 788 chown
> > projects/freevms/cmuip/ipacp/src/nfs.c:813:  [5] (race) chmod:  
> > projects/freevms/cmuip/ipacp/src/nfs.c:1629:  [5] (race) chown:
> > 
> > This accepts filename arguments; if an attacker can move those files, a race condition results.
> 
> 	True. We have to fix this.

Maybe some time later.
The NFS part is not currently used, and it was allegedly not working
according to the CMUIP FAQ.

Thanks for your interest in the project.

-- 
Regards,
Roar Thronæs
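
The chown/chmod race reported in item 2 comes from changing a file by name after the name has been checked. As an added example (not FreeVMS code and not part of this thread), one common POSIX way to close that window is to open the file once and operate on the descriptor; `set_perms_nofollow` is a hypothetical helper name, and the sample file in `main` is constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (name and policy are assumptions of this example).
 * Sets owner/group and mode on a regular file through a descriptor, so the
 * object that was checked is the object that is changed.
 * Pass (uid_t)-1 / (gid_t)-1 to leave owner or group untouched.
 * Returns 0 on success, -1 with errno set on failure. */
int set_perms_nofollow(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    struct stat st;
    int saved;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not block if the name now refers to a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Inspect what was actually opened, not what the name points to now. */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (!S_ISREG(st.st_mode)) { errno = EINVAL; goto fail; }
    /* fchown() may clear set-id bits, so change ownership before the mode. */
    if ((uid != (uid_t)-1 || gid != (gid_t)-1) && fchown(fd, uid, gid) != 0)
        goto fail;
    if (fchmod(fd, mode) != 0)
        goto fail;
    return close(fd);
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(void)
{
    char file[] = "/tmp/perm_demo_XXXXXX";   /* constructed sample file */
    int fd = mkstemp(file);
    if (fd < 0) return 1;
    close(fd);
    printf("regular file: %d\n", set_perms_nofollow(file, 0640, (uid_t)-1, (gid_t)-1));
    unlink(file);
    return 0;
}
```

`O_NOFOLLOW` only guards the final path component; directories earlier in the path still have to be trusted or walked with `openat()`.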


