FreeBSD Security Advisories
2003-Apr-08 05:12 UTC
FreeBSD Security Notice FreeBSD-SN-03:02
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================FreeBSD-SN-03:02 Security Notice The FreeBSD Project Topic: security issue in SETI@home client Announced: 2003-04-08 I. Introduction A port in the FreeBSD Ports Collection is affected by a security issue. Summary information is given below with references and affected versions. All versions given refer to the FreeBSD port/package version numbers. The listed vulnerabilities are not specific to FreeBSD unless otherwise noted. This port is not installed by default, nor is it ``part of FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of third-party applications in a ready-to-install format. FreeBSD makes no claim about the security of these third-party applications. See <URL:http://www.freebsd.org/ports/> for more information about the FreeBSD Ports Collection. II. Ports +------------------------------------------------------------------------+ Port name: astro/setiathome Affected: All versions Status: Not fixed Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory: ``There is a bufferoverflow in the server responds handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.'' Example exploits for FreeBSD and other systems exist. A new version of SETI@home for FreeBSD is not available at the time of this security notice. <URL: http://spoor12.edup.tudelft.nl/ > <URL: http://setiathome.berkeley.edu/version308.html > +------------------------------------------------------------------------+ FreeBSD Security Notices are communications from the Security Officer intended to inform the user community about potential security issues, such as bugs in the third-party applications found in the Ports Collection, which will not be addressed in a FreeBSD Security Advisory. Feedback on Security Notices is welcome at <security-team@FreeBSD.org>. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+kruuFdaIBMps37IRAksIAKCXua4QQz3P3Y4qysYW8/ftjQhozQCfVnNw PZAo0yzuFpYydTgYrodW+4Q=DQki -----END PGP SIGNATURE-----
Apparently Analagous Threads
- FreeBSD Security Notice FreeBSD-SN-03:02
- Fwd: sn package - skew t - code for analytical expressions for first 4 moments
- How to prevent /var/log/samba/log.[sn]mbd creation?
- sn package - skew t - code for analytical expressions for first 4 moments
- Incomplete output with `sn' library package