diff options
| author | tez <tez@pkgsrc.org> | 2011-12-23 16:44:24 +0000 |
|---|---|---|
| committer | tez <tez@pkgsrc.org> | 2011-12-23 16:44:24 +0000 |
| commit | d5a189e54f8c92262d9aea1d0a1da2cddf4a7ddc (patch) | |
| tree | 7635aa7ca955186affcc721e402e5783da609b88 /security/mit-krb5-appl | |
| parent | e10f0abe58f8a2df758a86f09089546a24c1ae7a (diff) | |
| download | pkgsrc-d5a189e54f8c92262d9aea1d0a1da2cddf4a7ddc.tar.gz | |
Fix for CVE-2011-4862 from FreeBSD
When an encryption key is supplied via the TELNET protocol, its length
is not validated before the key is copied into a fixed-size buffer.
This is a remote root exploit that is being actively exploited in the wild.
Diffstat (limited to 'security/mit-krb5-appl')
| -rw-r--r-- | security/mit-krb5-appl/Makefile | 4 | ||||
| -rw-r--r-- | security/mit-krb5-appl/distinfo | 3 | ||||
| -rw-r--r-- | security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/security/mit-krb5-appl/Makefile b/security/mit-krb5-appl/Makefile index 23b0985be03..9aa53a4e656 100644 --- a/security/mit-krb5-appl/Makefile +++ b/security/mit-krb5-appl/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.3 2011/12/17 10:16:36 sbd Exp $ +# $NetBSD: Makefile,v 1.4 2011/12/23 16:44:24 tez Exp $ DISTNAME= krb5-appl-1.0.1 PKGNAME= mit-${DISTNAME} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/krb5-appl/1.0/ DISTFILES= ${DISTNAME}-signed${EXTRACT_SUFX} diff --git a/security/mit-krb5-appl/distinfo b/security/mit-krb5-appl/distinfo index 59bef9e71a7..bf67beeebcb 100644 --- a/security/mit-krb5-appl/distinfo +++ b/security/mit-krb5-appl/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.3 2011/12/18 18:05:13 dholland Exp $ +$NetBSD: distinfo,v 1.4 2011/12/23 16:44:24 tez Exp $ SHA1 (2011-005-patch.txt) = 5e52a66b299407f54038fc287732160aabce51ff RMD160 (2011-005-patch.txt) = 780d9769e3b2661b927b26295f14a31dee314213 @@ -8,3 +8,4 @@ RMD160 (krb5-appl-1.0.1-signed.tar) = ca0668b623dcf4dc5a0699fa47d86660aac5544a Size (krb5-appl-1.0.1-signed.tar) = 645120 bytes SHA1 (patch-ab) = 4522fcdb396d2079ac6405926a64f907d94a2593 SHA1 (patch-gssftp_ftp_cmds_c) = 24942a2bcfc0cb0ce3045da5468d315c5b1bfadb +SHA1 (patch-telnet_libtelnet_encrypt.c) = 26e21d72c6f5bad4af2c733c2fe63fdc65a78bf2 diff --git a/security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c b/security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c new file mode 100644 index 00000000000..726da519efe --- /dev/null +++ b/security/mit-krb5-appl/patches/patch-telnet_libtelnet_encrypt.c @@ -0,0 +1,19 @@ +$NetBSD: patch-telnet_libtelnet_encrypt.c,v 1.1 2011/12/23 16:44:24 tez Exp $ + +Fix for CVE-2011-4862 from FreeBSD + +When an encryption key is supplied via the TELNET protocol, its length +is not validated before the key is copied into a fixed-size buffer. + +--- telnet/libtelnet/encrypt.c.orig 2011-12-23 10:14:18.191614600 -0600 ++++ telnet/libtelnet/encrypt.c 2011-12-23 10:15:26.640275300 -0600 +@@ -757,6 +757,9 @@ + int dir = kp->dir; + register int ret = 0; + ++ if (len > MAXKEYLEN) ++ len = MAXKEYLEN; ++ + if (!(ep = (*kp->getcrypt)(*kp->modep))) { + if (len == 0) + return; |