Summary: | net/mDNSResponder resolv.conf parsing has a buffer overflow, also leaks fd | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Juli Mallett <jmallett> | ||||
Component: | Individual Port(s) | Assignee: | Rene Ladan <rene> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | bsdashsan | ||||
Priority: | Normal | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Juli Mallett
2010-05-26 06:07:50 UTC
Responsible Changed From-To: freebsd-ports-bugs->rene Grab, superseeded by ports/147657 ? The problem report is still valid. Can you point to a CVE entry so that I can write a VuXML entry? I didn't find any at entries relating to this problem at http://web.nvd.nist.gov/view/vuln/search-results?cid=3 Rene State Changed From-To: open->feedback Waiting for CVE entry, not in the National Vulnerability Database. rene 2010-06-27 21:14:28 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: Document mDNSResponder -- corrupted stack crash when parsing bad resolv.conf This only happens on a system where one has a system where resolv.conf is writable by an untrusted user or where mdnsd is setuid and can be tricked into opening an alternate resolv.conf. PR: ports/147007 Submitted by: jmallett@ Approved by: tabthorpe (mentor) Feature safe: yes Revision Changes Path 1.2174 +32 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" rene 2010-08-01 19:12:18 UTC FreeBSD ports repository Modified files: net/mDNSResponder Makefile distinfo Added files: net/mDNSResponder/files mdnsd.in patch-mDNSPosix_mDNSPosix.c Removed files: net/mDNSResponder/files mdnsd.sh.in Log: - Fix a potential buffer overflow and file descriptor leak. [1] - Update to 214.3 [2] - Rename mdnsd.sh to mdnsd [2] - Remove duplicate MAKE_JOBS_UNSAFE [2] - Simplify manpage installation [2] - Pass maintainership to submitter [2] PR: ports/147007 [1] ports/147657 [2] Submitted by: jmallett [1] Sunpoet Po-Chuan Hsieh [sunpoet sunpoet.net] [2] Approved by: tabthorpe (mentor) Security: ports/147007 Revision Changes Path 1.26 +16 -25 ports/net/mDNSResponder/Makefile 1.8 +3 -3 ports/net/mDNSResponder/distinfo 1.1 +22 -0 ports/net/mDNSResponder/files/mdnsd.in (new) 1.7 +0 -19 ports/net/mDNSResponder/files/mdnsd.sh.in (dead) 1.1 +19 -0 ports/net/mDNSResponder/files/patch-mDNSPosix_mDNSPosix.c (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" State Changed From-To: feedback->closed Committed, thanks |