[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS: cvs.openbsd.org: ports

To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: CVS: cvs.openbsd.org: ports
From: Brad Smith <brad_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
Date: Wed, 13 Dec 2000 07:37:08 -0700 (MST)
Reply-to: Brad Smith <brad_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>

CVSROOT:	/cvs
Module name:	ports
Changes by:	brad_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	2000/12/13 07:37:08

Modified files:
	net/bitchx     : Makefile 
Added files:
	net/bitchx/patches: patch-source_misc.c 
	net/bitchx/pkg : SECURITY 

Log message:
Fix a buffer overflow in the DNS resolution code. A buffer overflow
within the resolver code makes it possible to overwrite stack
variables by generating a malformed DNS packet. This problem makes
it possible to create a situation where a malicious user may be
able to execute code remotely with the UID and GID of the BitchX
client. It is necessary for an attacker to control their own DNS
to exploit this bug.

Prev by Date: CVS: cvs.openbsd.org: ports
Next by Date: CVS: cvs.openbsd.org: ports
Previous by thread: CVS: cvs.openbsd.org: ports
Next by thread: CVS: cvs.openbsd.org: ports
Index(es):
- Date
- Thread

Visit your host, monkey.org