zebra port (net/zebra) has vtysh buffer overflow and requires patch

Fix:
Patch 1:

How-To-Repeat:
See Zebra Mailing list archives
Responsible Changed From-To: freebsd-ports->andreas

Over to maintainer; this might be moderately urgent, and it might also
merit a PORTREVISION bump, as per our Security Officer's recommendations
for security fixes. It might also have to be run by SO for audit,
and/or a security advisory :)
On Tue, Dec 26, 2000 at 04:18:19AM -1000, Vincent Poy wrote:
> On Tue, 26 Dec 2000 roam@FreeBSD.ORG wrote:
>
> > Synopsis: buffer flow in zebra port
> >
> > Responsible-Changed-From-To: freebsd-ports->andreas
> > Responsible-Changed-By: roam
> > Responsible-Changed-When: Tue Dec 26 06:12:38 PST 2000
> > Responsible-Changed-Why:
> > Over to maintainer; this might be moderately urgent, and it might also
> > merit a PORTREVISION bump, as per our Security Officer's recommendations
> > for security fixes. It might also have to be run by SO for audit,
> > and/or a security advisory :)
> >
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=23856
>
> Just in case, here are links to the Zebra mailing list:
>
> http://marc.theaimsgroup.com/?l=zebra&m=97772483632199&w=2
> http://marc.theaimsgroup.com/?l=zebra&m=97773263304303&w=2

Btw, have you *tested* this patch? Does zebra compile with it?
I admit I have not tried, but the last line - vty-_clear_buf(vty) -
looks a bit suspicious to me; could it be a typo, meant for, say,
vty_clear_buf(vty) ?

G'luck,
Peter

PS. Note that I'm CC'ing this to freebsd-gnats-submit@FreeBSD.org,
not to -ports; when GNATS receives a message with this subject line,
it forwards it to -ports, and also saves it to the problem report
audit trail - useful for future reference :) Messages to -ports go
to -ports only, and are only saved in the list archives.

Also, when a message is CC'ed to GNATS, there's no need to send it
to the person responsible for the PR - GNATS sends it his way too.

--
If this sentence didn't exist, somebody would have invented it.
On Tue, 26 Dec 2000, Peter Pentchev wrote:

Greetings Peter:

> On Tue, Dec 26, 2000 at 04:18:19AM -1000, Vincent Poy wrote:
> > On Tue, 26 Dec 2000 roam@FreeBSD.ORG wrote:
> >
> > > Synopsis: buffer flow in zebra port
> > >
> > > Responsible-Changed-From-To: freebsd-ports->andreas
> > > Responsible-Changed-By: roam
> > > Responsible-Changed-When: Tue Dec 26 06:12:38 PST 2000
> > > Responsible-Changed-Why:
> > > Over to maintainer; this might be moderately urgent, and it might also
> > > merit a PORTREVISION bump, as per our Security Officer's recommendations
> > > for security fixes. It might also have to be run by SO for audit,
> > > and/or a security advisory :)
> > >
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=23856
> >
> > Just in case, here are links to the Zebra mailing list:
> >
> > http://marc.theaimsgroup.com/?l=zebra&m=97772483632199&w=2
> > http://marc.theaimsgroup.com/?l=zebra&m=97773263304303&w=2
>
> Btw, have you *tested* this patch? Does zebra compile with it?
> I admit I have not tried, but the last line - vty-_clear_buf(vty) -
> looks a bit suspicious to me; could it be a typo, meant for, say,
> vty_clear_buf(vty) ?

Haven't yet but I'll test it now since I know they added it to the
latest cvs of zebra. I added the patch under patch-aa in
/usr/ports/net/zebra/files. I'll do a make now and it does patch. It
finishes building and here I go with installing it. Now just for the
test:

root@oahu [4:43am][/usr/ports/net/zebra] >> zebractl start
 zebra ripd bgpdroot@oahu [4:43am][/usr/ports/net/zebra] >>
root@oahu [4:43am][/usr/ports/net/zebra] >> telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.WURLDLINK.NET.
Escape character is '^]'.

Hello, this is zebra (version 0.89a)
Copyright 1996-2000 Kunihiro Ishiguro

User Access Verification

Password:
FreeBSD0-atm-us-hnl> en
Password:
FreeBSD0-atm-us-hnl# show version
Zebra 0.89a (i386--freebsd4.1).
Copyright 1996-2000, Kunihiro Ishiguro.
FreeBSD0-atm-us-hnl#

So it does work.
> G'luck,
> Peter
>
> PS. Note that I'm CC'ing this to freebsd-gnats-submit@FreeBSD.org,
> not to -ports; when GNATS receives a message with this subject line,
> it forwards it to -ports, and also saves it to the problem report
> audit trail - useful for future reference :) Messages to -ports go
> to -ports only, and are only saved in the list archives.
>
> Also, when a message is CC'ed to GNATS, there's no need to send it
> to the person responsible for the PR - GNATS sends it his way too.

Thanks... I guess I'll remember to reply to -gnats rather than
-ports directly. Thanks for the tip and a belated Merry Christmas!

Cheers,
Vince - vince@WURLDLINK.NET - Vice President ________ __ ____
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ]
WurldLink Corporation / / / / | / | __] ]
San Francisco - Honolulu - Hong Kong / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Almighty1@IRC - oahu.DAL.NET Hawaii's DALnet IRC Network Server Admin
On Tue, Dec 26, 2000 at 06:13:42AM -0800, roam@FreeBSD.org wrote:
> Synopsis: buffer flow in zebra port
>
> Responsible-Changed-From-To: freebsd-ports->andreas
> Responsible-Changed-By: roam
> Responsible-Changed-When: Tue Dec 26 06:12:38 PST 2000
> Responsible-Changed-Why:
> Over to maintainer; this might be moderately urgent, and it might also
> merit a PORTREVISION bump, as per our Security Officer's recommendations
> for security fixes. It might also have to be run by SO for audit,
> and/or a security advisory :)
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=23856

I grabbed the patch from the zebra CVS repository and contacted
Kris as "Security Officer" as well as Kunihiro from zebra to
review the patch.

Andreas ///

--
Andreas Klemm Powered by FreeBSD SMP
Songs from our band >>64Bits<<............http://www.apsfilter.org/64bits.html
My homepage................................ http://people.FreeBSD.ORG/~andreas
Please note: Apsfilter got a NEW HOME................http://www.apsfilter.org/
State Changed From-To: open->closed

patch is o.k.
additionally a new zebra release is on its way ...