Bug 33236

Summary: Buffer Overflow in rwhoisd
Product: Ports & Packages
Reporter: Christophe Bailleux <cb>
Component: Individual Port(s)
Assignee: freebsd-ports (Nobody) <ports>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Christophe Bailleux 2001-12-27 10:20:01 UTC
Buffer overflow in rwhoisd.
If in rwhoisd.conf, the option use-syslog: YES is enabled, it's possible to
create a buffer overflow and gain a remote shell.

Fix:

Upgrade the rwhoisd port to the latest version.

How-To-Repeat: In rwhoisd.conf: use-syslog: YES

bash-2.05# telnet localhost 4321
Trying 127.0.0.1...
Connected to localhost.admin.clubint.net.
Escape character is '^]'.
%rwhois V-1.5:003fff:00 sandrine.admin.clubint.net (by Network Solutions, Inc. V-1.5.7)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Gdb output:

Attaching to program: /usr/local/lib/rwhois/sbin/rwhoisd, process 15185
Reading symbols from /usr/lib/libwrap.so.3...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libcrypt.so.2...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libc.so.4...(no debugging symbols found)...done.
Reading symbols from /usr/libexec/ld-elf.so.1...(no debugging symbols found)...
done.
0x2812efcc in read () from /usr/lib/libc.so.4
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb)
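
The report does not include the vulnerable code. The following is an added example, not rwhoisd source and not part of the original report: a bounded logging helper of the kind that prevents this class of overflow when a daemon writes client request lines to syslog. The function names, the "query: " prefix and the 256-byte buffer size are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define LOG_LINE_MAX 256            /* assumed size of the fixed log buffer */

/* Unsafe pattern, for contrast only: a line longer than buf overwrites
 * adjacent stack data, including the saved return address.
 *     char buf[LOG_LINE_MAX];
 *     sprintf(buf, "query: %s", client_line);                            */

/* Hardened form: bounded copy, non-printable bytes replaced with '?'.
 * Returns bytes written (excluding NUL); *truncated is set if input was cut. */
size_t build_log_line(char *dst, size_t dstlen, const char *client_line,
                      int *truncated)
{
    size_t n, i;
    *truncated = 0;
    if (dstlen == 0) return 0;
    n = (size_t)snprintf(dst, dstlen, "%s", "query: ");
    if (n >= dstlen) { *truncated = 1; return dstlen - 1; }  /* prefix cut */
    for (i = 0; client_line[i] != '\0'; i++) {
        unsigned char c = (unsigned char)client_line[i];
        if (n + 1 >= dstlen) { *truncated = 1; break; }      /* room for NUL */
        dst[n++] = isprint(c) ? (char)c : '?';
    }
    dst[n] = '\0';
    return n;
}

/* Hypothetical logging entry point: constant format, client bytes as data. */
void log_query(const char *client_line)
{
    char buf[LOG_LINE_MAX];
    int truncated;
    build_log_line(buf, sizeof buf, client_line, &truncated);
    syslog(LOG_INFO, "%s%s", buf, truncated ? " [truncated]" : "");
}

int main(void)
{
    char line[701];                 /* constructed input: 700 'A' bytes */
    memset(line, 'A', 700);
    line[700] = '\0';
    log_query(line);                /* logged truncated, no overrun */
    return 0;
}
```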

Comment 1 dirk freebsd_committer freebsd_triage 2001-12-27 15:52:05 UTC
State Changed
From-To: open->closed

rwhois upgraded to 1.5.7.3.