Bug 111363

Summary: CVE-2007-1719 - mcweject buffer overflow
Product: Ports & Packages Reporter: Jeff Forsythe <tornandfilthy2006>
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Jeff Forsythe 2007-04-08 02:10:01 UTC 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1719


Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name.


----

Didn't see any bug reports or responses from FreeBSD, thought I'd check if this was known, and if a fix is in place.

How-To-Repeat: Exploit: http://milw0rm.com/exploits/3578
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2007-04-08 02:47:26 UTC 
State Changed
From-To: open->closed

Duplicate of ports/111365.
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2007-04-08 02:47:54 UTC 
Responsible Changed
From-To: freebsd-bugs->freebsd-ports-bugs

Fix assignment.