First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 159178
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Tavis Ormandy (RETIRED) <taviso@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
oftpd.diff lprt assertion patch patch Tavis Ormandy (RETIRED) 2006-12-27 03:40 0000 550 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 159178 depends on: Show dependency tree
Bug 159178 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-12-26 17:30 0000 
If you send an LPRT with an address family that is != 4 or 6, oftpd will die.

$ nc localhost 21 <<< "LPRT
1,16,63,254,47,0,0,32,0,0,0,0,0,0,32,254,143,205,2,141,176"
220 Service ready for new user.
521 Only IPv4 supported, address family (4)
$ nc localhost 21 
localhost [127.0.0.1] 21 (ftp) : Connection refused

------- Comment #1 From Tavis Ormandy (RETIRED) 2006-12-27 03:40:58 0000 ------- 
Created an attachment (id=104795) [details]
lprt assertion patch

simple patch that ssolves this problem for me.

------- Comment #2 From Tavis Ormandy (RETIRED) 2006-12-29 02:58:18 0000 ------- 
eradicator: please provide an updated ebuild

------- Comment #3 From Roy Marples (RETIRED) 2007-01-04 04:39:18 0000 ------- 
-r3 added to portage with attached patch. Thanks.

------- Comment #4 From Tavis Ormandy (RETIRED) 2007-01-04 04:49:24 0000 ------- 
Arches: please test and mark stable net-ftp/oftpd-0.3.7-r3

target KEYWORDS="amd64 arm ppc64 sh sparc x86"

------- Comment #5 From Timothy Redaelli 2007-01-04 06:00:39 0000 ------- 
nothing to do

------- Comment #6 From Gustavo Zacarias (RETIRED) 2007-01-04 11:22:54 0000 ------- 
sparc stable.

------- Comment #7 From Tom Gall 2007-01-04 21:18:29 0000 ------- 
stable on ppc64

------- Comment #8 From Christian Faulhammer 2007-01-05 00:30:37 0000 ------- 
x86 stable

------- Comment #9 From Steve Dibb 2007-01-05 06:18:18 0000 ------- 
amd64 stable

------- Comment #10 From Raphael Marichez 2007-01-14 20:47:00 0000 ------- 
I vote for a GLSA.

------- Comment #11 From Raphael Marichez 2007-01-14 23:03:42 0000 ------- 
tavis votes yes

------- Comment #12 From Raphael Marichez 2007-01-15 23:03:57 0000 ------- 
GLSA 200701-09, thanks everybody
First Last Prev Next    No search results available      Search page      Enter new bug