Bug 40492

Summary:

Buffer overflow in /usr/src/usr.sbin/vipw/pw_util.c [changed servity to critical]

Product:

Base System

Reporter:

Pawel Jakub Dawidek <nick>

Component:

bin

Assignee:

Dag-Erling Smørgrav <des>

Status:

Closed FIXED

Severity:

Affects Only Me

CC:

nick

Priority:

Normal

Version:

1.0-RELEASE

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
file.diff	none

Description Pawel Jakub Dawidek 2002-07-12 19:30:01 UTC

 	Many set-uid-root applications use this function:
 	/usr/bin/passwd
 	/usr/bin/chsh
 	/usr/bin/chpass
 	/usr/bin/chfn

Fix: Here You got a little patch:


12 Lip 12:07 2002 diff -lu pw_util.c.orig pw_util.c Page 1

Comment 1 Giorgos Keramidas freebsd_committer

2002-07-13 22:44:05 UTC

Responsible Changed
From-To: gnats-admin->freebsd-bugs

This belongs to freebsd-bugs.

Comment 2 Dag-Erling Smørgrav freebsd_committer

2002-07-13 22:47:06 UTC

Responsible Changed
From-To: freebsd-bugs->des

My rutf.

Comment 3 des 2002-07-14 14:00:23 UTC

It's not a buffer overflow, and it's not exploitable, but thanks
anyway for bringing this to our attention.  I'll commit a similar
patch to -STABLE later today.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

Comment 4 Dag-Erling Smørgrav freebsd_committer

2002-07-14 14:12:13 UTC

State Changed
From-To: open->closed

Fixed.