Bug 43437 - Update port irc/ezbounce Security Fix
Summary: Update port irc/ezbounce Security Fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Tilman Keskinoz
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-09-27 22:00 UTC by Tilman Linneweh
Modified: 2002-11-18 23:23 UTC (History)
1 user (show)

See Also:

Attachments
ezbounce.diff (1.43 KB, patch)
2002-09-27 22:00 UTC, Tilman Linneweh 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tilman Linneweh 2002-09-27 22:00:13 UTC 
From ezbounce's Homepage:

July 21, 2002

Security update: patch against 1.02

A small problem exists in 1.02 that can be exploited remotely. It is an "off-by-two" error that can be exploited ONLY by users with admin privileges. Specifically, it is caused by an incorrect usage of strncat() in the "DIE" command handler. Therefore, it is not a serious security hole, but the patch is available for those uber-serious about their system safety.
Comment 1 Oliver Braun freebsd_committer freebsd_triage 2002-10-19 23:01:31 UTC 
Responsible Changed
From-To: freebsd-ports->arved

Submitter is committer now.
Comment 2 Tilman Keskinoz freebsd_committer freebsd_triage 2002-11-18 23:22:52 UTC 
State Changed
From-To: open->closed

Committed thanks