Bug 106594 - ftp/tnftpd - fix critical bug
Summary: ftp/tnftpd - fix critical bug
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-12-11 04:30 UTC by Sergey N. Voronkov
Modified: 2006-12-13 07:30 UTC (History)
0 users

See Also:


Attachments
file.diff (1.07 KB, patch)
2006-12-11 04:30 UTC, Sergey N. Voronkov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sergey N. Voronkov 2006-12-11 04:30:04 UTC
	Fix a root exploit:

	http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051009.html

How-To-Repeat: 	See above URL.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2006-12-11 04:30:17 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback
Comment 2 Sergey N. Voronkov 2006-12-11 05:22:40 UTC
Sorry, forgot to put reference to original patch at NetBSD pgksrc:

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/net/tnftpd/patches/patch-aa

Serg.
Comment 3 Rudolf Čejka 2006-12-11 11:00:44 UTC
Edwin Groothuis wrote (2006/12/11):
> Maintainer of ftp/tnftpd,
> Please note that PR ports/106594 has just been submitted.
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
> 
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/106594

Hello, yes, please commit it and close the PR, so that there is
a version, which is believed that fixes tnftpd-20040810.

I hope that I will prepare patches for tnftpd upgrade from 20040810
to 20061204, so that both the problem is fixed and there is a new
version of tnftpd.

Thanks.

-- 
Rudolf Cejka <cejkar at fit.vutbr.cz> http://www.fit.vutbr.cz/~cejkar
Brno University of Technology, Faculty of Information Technology
Bozetechova 2, 612 66  Brno, Czech Republic
Comment 4 Martin Wilke freebsd_committer freebsd_triage 2006-12-11 12:04:46 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 5 dfilter service freebsd_committer freebsd_triage 2006-12-13 07:21:40 UTC
miwi        2006-12-13 07:21:34 UTC

  FreeBSD ports repository

  Modified files:
    ftp/tnftpd           Makefile 
  Added files:
    ftp/tnftpd/files     patch-libnetbsd-glob.c 
  Log:
  - Fix root exploid
  
  PR:             ports/106594
  Submitted by:   Sergey N. Voronkov <serg@tmn.ru>
  Approved by:    maintainer
  Security:       http://www.vuxml.org/freebsd/e969e6cb-8911-11db-9d01-0016179b2dd5.html
  
  Revision  Changes    Path
  1.10      +1 -0      ports/ftp/tnftpd/Makefile
  1.1       +12 -0     ports/ftp/tnftpd/files/patch-libnetbsd-glob.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 6 Martin Wilke freebsd_committer freebsd_triage 2006-12-13 07:22:01 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!