[gopher] [comp.infosystems.gopher] Re: UMN gopherd exploits
FYI, if you are running UMN gopherd and have not upgraded, you may
find this useful:
-- Attached file included as plaintext by Ecartis --
Path:
heinrich.complete.org!newsx!uni-berlin.de!fu-berlin.de!feed.news.nacamar.de!news100.image.dk!news010.worldonline.dk.POSTED!not-for-mail
From: "Jacob Dahl Pind" <rachael_@xxxxxxx>
Subject: Re: UMN gopherd exploits
References: <561.365T1050T2052494rachael_@xxxxxxx> <87oey9ok10.fsf@xxxxxxxxxxxx>
Message-ID: <2001.371T1100T953184rachael_@xxxxxxx>
Newsgroups: comp.infosystems.gopher
Lines: 70
X-Newsreader: THOR 2.6a (Amiga;TCP/IP)
Date: 29 Aug 2003 1:35:22 +0100
NNTP-Posting-Host: 213.237.16.246
X-Complaints-To: news-abuse@xxxxxx
X-Trace: news010.worldonline.dk 1062113871 213.237.16.246 (Fri, 29 Aug 2003
01:37:51 MET DST)
NNTP-Posting-Date: Fri, 29 Aug 2003 01:37:51 MET DST
Organization: Customer of Tiscali A/S
Xref: heinrich.complete.org comp.infosystems.gopher:32
MIME-Version: 1.0
on 28-Aug-03 16:54:03, John Goerzen wrote:
>"Jacob Dahl Pind" <rachael_@xxxxxxx> writes:
>> Hello
>>
>> As it seems support for UMN gopherd has been stopped, and the two
>> latest security holes won't be fixed, I have tried to patch them.
>>
>> The small patch can be found at gopher://rachael.dyndns.org/11/gopher/
>I could not resolve that hostname. Can you post a new URL?
Have included it instead.
It fixed the GSisText()/view buffer overflow, remote "ftp gateway" buffer
overflow, and do_command buffer overflow.
It also changes some tempnam to mkstemp, but those are GNU glibc specific.
-- UMN_gopherd_patch.txt
diff -adr misc/gopher-3.0.5/gopher-3.0.5/gopherd/ftp.c
software/gopher-3.0.5/gopher-3.0.5/gopherd/ftp.c
1810,1811c1810,1811
<
< strcpy(tmpName, buf);
---
> if (strlen(buf) > 256) last=256;
> strncpy(tmpName, buf,last);
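Review bot: in the replacement for strcpy(tmpName, buf), `last` is assigned only when strlen(buf) > 256, so for shorter input strncpy runs with whatever value `last` held before these lines, and no initialisation of it is visible in the hunk. strncpy also writes no terminating NUL when it stops at the count, so tmpName can be left unterminated. Suggest setting last = strlen(buf) in an else branch, clamping to the size of tmpName minus one (its declaration is not shown here) instead of the literal 256, and writing tmpName[last] = '\0' after the copy.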
diff -adr misc/gopher-3.0.5/gopher-3.0.5/gopherd/gopherd.c
software/gopher-3.0.5/gopher-3.0.5/gopherd/gopherd.c
1279,1280c1279,1280
< ASKfile = tempnam(NULL, "gdata");
< Debug("HTTP POST data is in %s\n", ASKfile);
---
> ASKfile = mkstemp("gdata");
> Debug("HTTP POST data is in %s\n", ASKfile);
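Review bot: mkstemp("gdata") is not a drop-in replacement for tempnam(NULL, "gdata") on the ASKfile line. mkstemp() needs a writable template buffer whose last six characters are XXXXXX, rewrites that buffer in place, and returns an open file descriptor (int), not a file name. Here it is handed a string literal without the XXXXXX suffix and its return value is stored in ASKfile, which the following Debug() call prints with %s. Suggest a local buffer such as char tmpl[] = "/tmp/gdataXXXXXX", calling fd = mkstemp(tmpl), checking for -1, and using tmpl as the file name while writing through fd.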
1482c1482
<
---
> int authlen;
1488c1488,1491
< strcpy(cleartext, authuser);
---
> authlen = strlen(authuser);
> /* its 64 because cleartext has just been declared 64 above */
>
> if (authlen > 64 ) authlen = 64;
> strncpy(cleartext, authuser,authlen);
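Review bot: strncpy(cleartext, authuser, authlen) never writes a terminating NUL, because authlen is at most strlen(authuser). With the clamp at 64 and cleartext declared as 64 bytes (per the comment), a long authuser fills the whole buffer and leaves it unterminated. Suggest clamping to sizeof(cleartext) - 1 instead of the literal 64 and setting cleartext[authlen] = '\0' after the copy. authlen would also be better declared as size_t to match strlen().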
1590c1593
< ASKfile = tempnam(NULL, "gdata");
---
> ASKfile = mkstemp("gdata");
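Review bot: ASKfile = mkstemp("gdata") passes a string literal with no XXXXXX suffix to a function that modifies its argument in place, and stores the returned file descriptor where the old code stored the file name from tempnam(). Suggest a writable template buffer ending in XXXXXX, keeping the descriptor in an int, checking it for -1, and pointing ASKfile at the template buffer once mkstemp() has filled it in.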
diff -adr misc/gopher-3.0.5/gopher-3.0.5/object/GSgopherobj.c
software/gopher-3.0.5/gopher-3.0.5/object/GSgopherobj.c
2090c2090,2091
< {
---
> { int pos;
>
2107c2108,2112
<
---
> if (strlen(view) > 64) {
> pos = 64;
> } else {
> pos = strlen(view);
> }
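Review bot: the added lines only compute pos from strlen(view). The copy that is supposed to honour it is not part of this hunk, so the bound cannot be confirmed from the patch as posted. If the destination is a 64-byte buffer, a clamp of 64 leaves no room for the terminating NUL, so the limit should be the destination size minus one, with an explicit terminator written at [pos]. Calling strlen(view) once into a size_t and clamping that would also avoid the second scan.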
regards Jacob Dahl Pind
--
CBM, Amiga,Vintage hardware collector
Email: rachael@xxxxxxxxxxxxxxxxxx
url: http://rachael.dyndns.org
- [gopher] [comp.infosystems.gopher] Re: UMN gopherd exploits,
John Goerzen <=