ESB-2001.326 -- FreeBSD-SA-01:50.windowmaker -- windowmaker contains possibly exploitable buffer overflow

Date: 30 July 2001

-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

               ESB-2001.326 -- FreeBSD-SA-01:50.windowmaker
         windowmaker contains possibly exploitable buffer overflow
                               30 July 2001

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                windowmaker
                        windowmaker-i18n
Vendor:                 FreeBSD Ports Collection
Operating System:       FreeBSD
Platform:               i386
                        Alpha
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access Required:        Remote

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:50                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          windowmaker contains possibly exploitable buffer overflow

Category:       ports
Module:         windowmaker/windowmaker-i18n
Announced:      2001-07-27
Credits:        Robert Marshall <robert@chezmarshall.freeserve.co.uk>
Affects:        Ports collection prior to the correction date.
Corrected:      2001-07-24
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

Windowmaker is a GNUstep-compliant X11 window manager which emulates
the NeXTSTEP interface.

II.  Problem Description

The windowmaker ports, versions prior to windowmaker-0.65.0_2 and
windowmaker-i18n-0.65.0_1, contain a potentially exploitable buffer
overflow when displaying a very long window title in the window list
menu.  Since programs such as web browsers will include the contents
of a webpage's title tag in window titles, this problem may allow
authors of malicious webpages to cause windowmaker to crash and
potentially execute arbitrary code as the user running windowmaker.

The windowmaker ports are not installed by default, nor are they
"part of FreeBSD" as such: they are part of the FreeBSD ports
collection, which contains over 5500 third-party applications in
a ready-to-install format. The ports collection shipped with FreeBSD
4.3 is vulnerable to this problem since it was discovered after
its release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

III. Impact

Under certain circumstances, remote webservers may cause windowmaker
to crash and potentially execute arbitrary code as the user running
windowmaker.

If you have not chosen to install the windowmaker port/package,
then your system is not vulnerable to this problem.

IV.  Workaround

Deinstall the windowmaker package if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the windowmaker
or windowmaker-i18n port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/windowmaker-0.65.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/windowmaker-0.65.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/windowmaker-i18n-0.65.0_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/windowmaker-i18n-0.65.0_1.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

3) Download a new port skeleton for the windowmaker or windowmaker-i18n
port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBO2HM5VUuHi5z0oilAQH8ZAP9GibPUuDW96J9ylQs/V3aoTblSlw3zaXX
8EkouFxYEDTk0LBJfwyq343z4OfrM21A8gxlQiW+b620JkNkL795zkRQ01DxbQle
bDaOOICvXpVmHyI0Xxn3qLCeQJpuNhJkT5kvf+49q4ldljsIiHNc6FFTOpcA0SlW
NKPR3OpUy+o=
=A5Cb
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
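
As an added example (not part of the FreeBSD advisory or of AusCERT's bulletin), the following script classifies installed package names against the first fixed versions the advisory gives, windowmaker-0.65.0_2 and windowmaker-i18n-0.65.0_1. It assumes package names of the form name-VERSION[_REVISION]; the function names and the sample package names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not FreeBSD's tooling. Fixed versions are the advisory's;
# the name-VERSION[_REVISION] package naming is an assumption.

# cmp_dotted A B: print -1, 0 or 1 comparing dotted numeric versions.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return 0; fi
    done
    echo 0
}

# check_pkg PKGNAME: print vulnerable, fixed, unknown or not-applicable.
check_pkg() {
    name=${1%-*}; ver=${1##*-}
    case $name in
        windowmaker)      fixed=0.65.0_2 ;;   # first fixed revision
        windowmaker-i18n) fixed=0.65.0_1 ;;
        *) echo not-applicable; return 0 ;;
    esac
    base=${ver%%_*}; fbase=${fixed%%_*}; frev=${fixed#*_}
    case $ver in *_*) rev=${ver#*_} ;; *) rev=0 ;; esac
    # Refuse to guess on anything that is not purely numeric.
    case $base in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    case $rev in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    c=$(cmp_dotted "$base" "$fbase")
    if [ "$c" -eq 0 ]; then
        # Same upstream version: the port revision decides.
        if [ "$rev" -lt "$frev" ]; then c=-1; else c=1; fi
    fi
    if [ "$c" -lt 0 ]; then echo vulnerable; else echo fixed; fi
}

# Constructed sample package names (not taken from a real host).
for p in windowmaker-0.65.0_1 windowmaker-0.65.1 \
         windowmaker-i18n-0.65.0 windowmaker-i18n-0.65.0_1 xterm-1.0; do
    printf '%s\t%s\n' "$p" "$(check_pkg "$p")"
done
```

A result of "unknown" means the version string did not parse as numeric and the package should be checked by hand rather than assumed safe.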

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBO2VwFSh9+71yA2DNAQFEPQP+OAwlw8BizzkAGgsk8s2WCP/ZViuyosDy
X9B6L6ttVfydMxem/6OIP2x24YVak1S4oG6X2kulmu0vik5v9OirdF4wxwFqJJ26
QXpwcVDK1IZfZ/7AZ1xQzleugIF3B9lGcSDEGY5u8DIiRfvPl68AOcnDLMPzmKP0
rXBOeICJOvQ=
=k+YV
-----END PGP SIGNATURE-----