Your message dated Thu, 9 Mar 2006 12:14:12 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#352369: (no subject)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Subject: buffer overflow in /usr/share/doc/netcat/examples/data/rservice.c
Package: netcat
Version: 1.10-29
Severity: minor
Hello,
I have found a buffer overflow in the file
/usr/share/doc/netcat/examples/data/rservice.c. It is included as source but
not as a binary in the package.
If you copy it from that path, compile it and run it, you will find that
it will segfault when you give it long data on the command line:
[EMAIL PROTECTED]:~/netcat.data$ cp /usr/share/doc/netcat/examples/data/* .
[EMAIL PROTECTED]:~/netcat.data$ make
cc -s -O -o data data.c
data.c: In function 'main':
data.c:91: warning: incompatible implicit declaration of built-in function
'memset'
data.c:120: warning: pointer targets in assignment differ in signedness
data.c:158: warning: incompatible implicit declaration of built-in function
'exit'
data.c:166: warning: pointer targets in assignment differ in signedness
data.c:242: warning: pointer targets in assignment differ in signedness
data.c:262: warning: pointer targets in assignment differ in signedness
cc -s -O -o rservice rservice.c
rservice.c: In function 'main':
rservice.c:29: warning: incompatible implicit declaration of built-in function
'memset'
rservice.c:36: warning: incompatible implicit declaration of built-in function
'strlen'
rservice.c:37: warning: incompatible implicit declaration of built-in function
'memcpy'
rservice.c:63: warning: incompatible implicit declaration of built-in function
'exit'
cc -s -O -o xor xor.c
xor.c: In function 'main':
xor.c:52: warning: incompatible implicit declaration of built-in function
'memset'
xor.c:88: warning: incompatible implicit declaration of built-in function 'exit'
xor.c:90: warning: incompatible implicit declaration of built-in function 'exit'
[EMAIL PROTECTED]:~/netcat.data$ ./rservice a b c | cat -A
[EMAIL PROTECTED]@[EMAIL PROTECTED]@$
[EMAIL PROTECTED]:~/netcat.data$ ./rservice `perl -e 'print "U" x 1995;'` a b
Segmentation fault
[EMAIL PROTECTED]:~/netcat.data$
Feel free to patch it, remove the file from the package, or ignore this bug.
// Ulf Harnhammar, Debian Security Audit Project
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages netcat depends on:
ii libc6 2.3.5-8 GNU C Library: Shared libraries an
netcat recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Thanks. This was due to a dpatch error, so I took the opportunity to
switch to quilt which should reduce the likelihood of making such a
mistake in the future. -31 should hit dinstall this afternoon.
--
things change.
[EMAIL PROTECTED]
--- End Message ---
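The crash reported above comes from copying command-line arguments into a fixed buffer without checking their length (the compiler output shows rservice.c using strlen and memcpy). The following is an added example, not the rservice.c source or the Debian patch: a bounds-checked way to pack arguments into a fixed block. The name pack_fields, the BLOCK_MAX size and the NUL-separated layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_MAX 256   /* assumed size; the report does not give the real one */

/* Pack fields as NUL field NUL field ... NUL into out[cap] (assumed layout).
 * Returns the number of bytes written, or -1 if the fields do not fit.
 * Nothing is ever written at or past out + cap. */
static long pack_fields(char *out, size_t cap, char *const fields[], size_t n)
{
    size_t used = 0;

    if (cap == 0)
        return -1;
    out[used++] = '\0';                     /* leading NUL */
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(fields[i]);
        /* Need len bytes plus one terminator. Comparing against the
         * remaining space avoids overflowing used + len. */
        if (len >= cap - used)
            return -1;
        memcpy(out + used, fields[i], len);
        used += len;
        out[used++] = '\0';                 /* field terminator */
    }
    return (long)used;
}

int main(int argc, char **argv)
{
    static char block[BLOCK_MAX];
    long n;

    if (argc < 2) {
        fprintf(stderr, "usage: %s field...\n", argv[0]);
        return 1;
    }
    n = pack_fields(block, sizeof block, argv + 1, (size_t)argc - 1);
    if (n < 0) {                            /* reject instead of overflowing */
        fprintf(stderr, "arguments too long for %d-byte block\n", BLOCK_MAX);
        return 1;
    }
    return fwrite(block, 1, (size_t)n, stdout) == (size_t)n ? 0 : 1;
}
```

Run with an oversized first argument like the one in the report, this version exits with an error instead of writing past the buffer.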