brief security audit of scli, a submitted port
- To: ports_(_at_)_openbsd_(_dot_)_org
- Subject: brief security audit of scli, a submitted port
- From: Jose Nazario <jose_(_at_)_monkey_(_dot_)_org>
- Date: Fri, 13 Sep 2002 18:54:12 -0400 (EDT)
- Cc: Margarida Sequeira <niness_(_at_)_devilness_(_dot_)_org>
as promised earlier in the day:
all paths relative to the port extraction directory. not all of these are
necessarily security holes but they are worth looking at. this is the
output of a small tool i was writing which just does lexical analysis of
the source code files (after preprocessing). incomplete, but more terse
output than rats, flawfinder, etc ...
scli/w-scli-0.2.12/scli-0.2.12/snmp
g_session.c ...
line 225: random used,cryptographically insecure random numbers.
scli/w-scli-0.2.12/scli-0.2.12/proc
disman-script-mib-proc.c ...
line 39: possible buffer overflow in strcpy
line 41: possible buffer overflow in strcpy
snmp-view-based-acm-mib-proc.c ...
line 90: possible buffer overflow in strcpy
line 92: possible buffer overflow in strcpy
scli/w-scli-0.2.12/scli-0.2.12/scli
basic.c ...
line 213: command passing, possibly unsafe: popen
cmds.c ...
line 82: possible buffer overflow in strcpy
entity.c ...
line 77: possible buffer overflow in strcpy
lint turns up a lot of stuff, most of it in the headers of dependent
files. glib needs to be cleaned up ... the output is a bit long to put in
here.
splint reports lots of potential memory leaks.
hope this helps. anyhow, the long and the short of it is that it could use
a brief audit. it's a network tool, so these are potentially remote holes.
___________________________
jose nazario, ph.d. jose_(_at_)_monkey_(_dot_)_org
http://www.monkey.org/~jose/
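
Added example, not part of the original message and not the author's tool: a minimal lexical scanner of the kind the message describes, reporting calls to strcpy, popen and random by line number while skipping comments and string literals. The reason strings, the function names `scan`/`RISKY` and the sample C source are constructed for illustration.

```python
import re

# Functions flagged in the audit output above, with a constructed reason each.
RISKY = {
    "strcpy": "possible buffer overflow",
    "popen": "command passed to a shell",
    "random": "not a cryptographically secure RNG",
}

# One token per match: comment, string/char literal, or identifier.
# Comments and literals are consumed whole, so names inside them never
# surface as identifier tokens.
TOKEN = re.compile(r"""
    (?P<comment>/\*.*?\*/|//[^\n]*)
  | (?P<literal>"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')
  | (?P<ident>[A-Za-z_]\w*)
""", re.VERBOSE | re.DOTALL)

CALL = re.compile(r"\s*\(")  # identifier must be followed by "("

def scan(source):
    """Return (line, function, reason) for each risky call, in source order."""
    findings = []
    for m in TOKEN.finditer(source):
        name = m.group("ident")
        if name in RISKY and CALL.match(source, m.end()):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, name, RISKY[name]))
    return findings

# Constructed sample input, not taken from scli.
SAMPLE = '''\
#include <string.h>
/* strcpy(dst, src) is mentioned only in this comment */
void f(char *dst, const char *src)
{
    const char *msg = "do not call popen(cmd) here";
    strcpy(dst, src);
    long r = random();
    int strcpy_count = 0;   // identifier merely containing strcpy
}
'''

if __name__ == "__main__":
    for line, name, reason in scan(SAMPLE):
        print(f"line {line}: {name}: {reason}")
```

Like any purely lexical check, this also flags function declarations pulled in by preprocessed headers and says nothing about whether a given call is actually reachable with oversized or attacker-controlled input; each hit still needs a manual read.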