[Midnightbsd-cvs] [MidnightBSD/src] 1f3f08: The passive mode in FTP communication allows an ou...
Lucas Holt
noreply at github.com
Wed Aug 25 01:19:14 EDT 2021
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 1f3f084d5773953ae225b464cf4c6cf4f52b04f9
https://github.com/MidnightBSD/src/commit/1f3f084d5773953ae225b464cf4c6cf4f52b04f9
Author: Lucas Holt <luke at foolishgames.com>
Date: 2021-08-25 (Wed, 25 Aug 2021)
Changed paths:
M lib/libfetch/ftp.c
Log Message:
-----------
The passive mode in FTP communication allows an out of boundary read while
libfetch uses strtol to parse the relevant numbers into address bytes. It
does not check if the line ends prematurely. If it does, the for-loop
condition checks for *p == '\0' one byte too late because p++ was already
performed.
Obtained from: FreeBSD
Commit: c03d4b73af81735368f378cf9e2f89d5aaae9223
https://github.com/MidnightBSD/src/commit/c03d4b73af81735368f378cf9e2f89d5aaae9223
Author: Lucas Holt <luke at foolishgames.com>
Date: 2021-08-25 (Wed, 25 Aug 2021)
Changed paths:
M sbin/ggate/ggatec/ggatec.c
Log Message:
-----------
The ggatec(8) daemon does not validate the size of a response before writing
it to a fixed-sized buffer. This allows overwriting the stack of ggatec(8).
Obtained from: FreeBSD
Commit: 2290ee3ef241b6ac310d4f8e3bc1b57b69bd1648
https://github.com/MidnightBSD/src/commit/2290ee3ef241b6ac310d4f8e3bc1b57b69bd1648
Author: Lucas Holt <luke at foolishgames.com>
Date: 2021-08-25 (Wed, 25 Aug 2021)
Changed paths:
M usr.sbin/bhyve/pci_virtio_console.c
M usr.sbin/bhyve/pci_virtio_rnd.c
Log Message:
-----------
Certain VirtIO-based device models failed to handle errors when fetching
I/O descriptors. Such errors could be triggered by a malicious guest.
As a result, the device model code could be tricked into operating on
uninitialized I/O vectors, leading to memory corruption.
Obtained from: FreeBSD
Compare: https://github.com/MidnightBSD/src/compare/1a9ca4cefaed...2290ee3ef241
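
The parsing flaw described in the first log message, as an added example in C that is not the libfetch source or the FreeBSD patch: a constructed parser for the six comma-separated fields of a 227 reply, with the loop shape the message describes next to a hardened form. The function names and PASV_FIELDS are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>

#define PASV_FIELDS 6 /* h1,h2,h3,h4,p1,p2 of a 227 reply */

/* Skip the numeric reply code, then everything up to the first field. */
static const char *skip_to_fields(const char *p)
{
    while (isdigit((unsigned char)*p)) p++;
    while (*p && !isdigit((unsigned char)*p)) p++;
    return p;
}

/* Pattern from the log message (constructed, not libfetch source): if
 * strtol() stops on the terminator, the p++ in the loop header steps past
 * it before *p is tested, so the test reads one byte out of bounds. */
int pasv_parse_unsafe(const char *ln, unsigned char addr[PASV_FIELDS])
{
    char *p = (char *)skip_to_fields(ln);
    int i;
    for (i = 0; *p && i < PASV_FIELDS; i++, p++)
        addr[i] = (unsigned char)strtol(p, &p, 10);
    return i == PASV_FIELDS ? 0 : -1;
}

/* Hardened form: inspect *p before every advance and reject short lines. */
int pasv_parse_safe(const char *ln, unsigned char addr[PASV_FIELDS])
{
    const char *p = skip_to_fields(ln);
    char *end;
    for (int i = 0; i < PASV_FIELDS; i++) {
        if (!isdigit((unsigned char)*p))
            return -1;          /* line ended, or junk where a field belongs */
        long v = strtol(p, &end, 10);
        if (v > 255)
            return -1;          /* not a valid address or port byte */
        addr[i] = (unsigned char)v;
        p = end;
        if (i < PASV_FIELDS - 1) {
            if (*p != ',')
                return -1;      /* terminator seen: stop before advancing */
            p++;
        }
    }
    return 0;
}
```

pasv_parse_unsafe is safe to call only on a complete reply; a reply cut off right after a number is the case that makes it read past the terminator.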