Subject: NetBSD Security Advisory 2002-019: Buffer overrun in talkd
To: None <netbsd-announce@netbsd.org>
From: NetBSD Security Officer <security-officer@netbsd.org>
List: netbsd-announce
Date: 10/08/2002 14:27:33
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2002-019
=================================
Topic: Buffer overrun in talkd
Version: NetBSD-current: source prior to September 20, 2002
NetBSD 1.6: affected
NetBSD-1.5.3: affected
NetBSD-1.5.2: affected
NetBSD-1.5.1: affected
NetBSD-1.5: affected
Severity: Possible local root compromise (not confirmed)
Fixed: NetBSD-current: September 20, 2002
NetBSD-1.6 branch: October 3, 2002
(1.6.1 will include the fix)
NetBSD-1.5 branch: September 20, 2002
Abstract
========
Rogue talk client is able to cause talkd to overrun the buffer,
and could be able to compromise root privilege of the machine running talkd.
Actual attack script is yet to be found.
Technical Details
=================
talkd did not make proper check against inbound messages and can make
unbounded copy into a destination buffer.
Solutions and Workarounds
=========================
To remedy this problem, talkd binary has to be updated to the latest one.
The following instructions describe how to upgrade your talkd
binaries by updating your source tree and rebuilding and
installing a new version of talkd.
* NetBSD-current:
Systems running NetBSD-current dated from before 2002-09-20
should be upgraded to NetBSD-current dated 2002-09-20 or later.
The following directories need to be updated from the
netbsd-current CVS branch (aka HEAD):
libexec/talkd
To update from CVS, re-build, and re-install talkd:
# cd src
# cvs update -d -P libexec/talkd
# cd libexec/talkd
# make cleandir dependall
# make install
* NetBSD 1.6:
Systems running NetBSD 1.6 branch dated from before 2002-10-03
should be upgraded to NetBSD 1.6 branch dated 2002-10-03 or later.
The following directories need to be updated from the
netbsd-1-6 CVS branch:
libexec/talkd
To update from CVS, re-build, and re-install talkd:
# cd src
# cvs update -d -P -r netbsd-1-6 libexec/talkd
# cd libexec/talkd
# make cleandir dependall
# make install
* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:
Systems running NetBSD 1.5 branch dated from before 2002-09-20
should be upgraded to NetBSD 1.5 branch dated 2002-09-20 or later.
The following directories need to be updated from the
netbsd-1-5 CVS branch:
libexec/talkd
To update from CVS, re-build, and re-install talkd:
# cd src
# cvs update -d -P -r netbsd-1-5 libexec/talkd
# cd libexec/talkd
# make cleandir dependall
# make install
Thanks To
=========
xs@kittenz.org
Revision History
================
2002-10-08 Initial release
More Information
================
Advisories may be updated as new information comes to hand. The most
recent version of this advisory (PGP signed) can be found at
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA2002-019.txt,v 1.6 2002/10/08 03:43:35 itojun Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBPaJUWj5Ru2/4N2IFAQHlxAP/cRktEeD1NK4UjLK3wFWcz+wdEWY6e1KM
s4DMRD0Jf123A4/yXEA7pzBImhP+guvJu5FE+AVEhLWozursc/0lhaBedl4pJXp5
dZjgaK+iE+EiVeXPZhNKquAYxO5dYFk0TS4MYUWtBh9DhgXYxtF08jTq0JMKuAGu
HGjCuPb8rvc=
=PZcD
-----END PGP SIGNATURE-----