Subject: buffer overflow in some of pkgsrc
To: None <email@example.com, firstname.lastname@example.org>
From: None <email@example.com>
Date: 12/08/1999 18:33:58
(it may have been resent by security-officer, but just in case it
There was a possible buffer overflow in some of the pkgsrc collection
we support. They used the old uucplock() function, which used sprintf()
with a short buffer. A local user may be able to gain a shell with the
"uucp" uid. Affected pkgsrc are:
Also, "dc3play" (DC-3 digital camera downloading tool) and "docomodoki"
(phonebook downloader for Japanese cellphones) are affected (they are
not in NetBSD pkgsrc).
The pkgsrc packages are already fixed, either by using the latest
version of the original distribution or by including a specific patch
for it.
Please upgrade to the latest version, like:
by using the latest pkgsrc tree. (Or you can disable the setuid bit on
the installed binary and run it as a privileged user.)
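
The bug class described above (sprintf() into a short buffer while building a lock-file name), shown beside a bounded form. This is an added example, not the uucplock() source or any of the pkgsrc patches; the lock directory, buffer size and function name are assumptions, and the '/' check is extra hardening beyond the length fix.

```c
#include <stdio.h>
#include <string.h>

#define LOCKPREFIX "/var/spool/lock/LCK.."  /* assumed lock directory and prefix */
#define LOCKBUFSZ  64                        /* assumed (short) buffer size */

/*
 * Unsafe pattern, for contrast only (kept in a comment, never compiled):
 *
 *     char path[LOCKBUFSZ];
 *     sprintf(path, LOCKPREFIX "%s", ttyname);   // length of ttyname unchecked
 *
 * In a setuid binary, a ttyname taken from the command line can overrun path.
 */

/*
 * Hypothetical helper: build the lock-file path for ttyname into out[outsz].
 * Returns 0 on success, -1 if the name is missing, empty, contains '/',
 * or would not fit. Truncation is an error, never silently accepted.
 */
int lock_path(char *out, size_t outsz, const char *ttyname)
{
    int n;

    if (ttyname == NULL || *ttyname == '\0' || strchr(ttyname, '/') != NULL)
        return -1;
    n = snprintf(out, outsz, "%s%s", LOCKPREFIX, ttyname);
    if (n < 0 || (size_t)n >= outsz)   /* output error or would-be truncation */
        return -1;
    return 0;
}

int main(void)
{
    char path[LOCKBUFSZ];
    char longname[256];               /* constructed oversized device name */

    memset(longname, 'A', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';

    printf("tty00    -> %d\n", lock_path(path, sizeof(path), "tty00"));
    printf("oversize -> %d\n", lock_path(path, sizeof(path), longname));
    printf("../x     -> %d\n", lock_path(path, sizeof(path), "../x"));
    return 0;
}
```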