Casinos Not On Gamstop Non Gamstop Casinos Casinos Not On Gamstop Online Casinos UK Non Gamstop Casino
28th Aug 2000 [SBWID-169]
COMMAND
	    mopd
SYSTEMS AFFECTED
	    OpenBSD 2.7, NetBSD 1.4.2, FreeBSD
PROBLEM
	    Matt  Power  found  following.   The  mopd (Maintenance Operations
	    Protocol loader daemon) implementation  in OpenBSD 2.7 and  NetBSD
	    1.4.2 includes  a step  in which  the daemon  receives a file name
	    from a client elsewhere on the  network.  Matt found one point  at
	    which the client can overflow a buffer in the server by sending  a
	    long file name.   Also, he found  two points at  which the  server
	    uses the client-supplied  file name directly  as part of  a format
	    string  in  a  syslog(3)   function  call  (this  is   potentially
	    problematic if the file name contains any % characters).
	    Matt  reported  these  issues  to  the OpenBSD and NetBSD security
	    contact addresses at  00:04 UTC on  29 June 2000.   He received  a
	    reply from  the OpenBSD  project at  00:15 UTC  on 29  June, and a
	    reply from the NetBSD Project at 03:05 UTC on 29 June.
	    There are other versions of mopd that you might possibly be using.
	    Download locations include
	
	        ftp://ftp.redhat.com/pub/redhat/powertools/6.2/i386/SRPMS/mopd-linux-2.5.3-4.src.rpm
	        ftp://ftp.stacken.kth.se/pub/OS/NetBSD/mopd/mopd-linux-2.5.3.tar.gz
	        ftp://linux-vax.sourceforge.net/pub/linux-vax/tools/misc/mopd-linux.tar.gz
	
	    Matt suspects that currently all of these are vulnerable versions.
	    To check  for the  buffer-overflow problem  yourself, look  at the
	    function mopProcessDL in  the file process.c.   Older versions  of
	    the  code  declare  a  17-character  buffer  named pfile, and rely
	    directly on a value of tmpc (an unsigned char value obtained  over
	    the network from the client)  to determine how much data  to write
	    into  this  buffer,  regardless  of  whether the buffer is smaller
	    than  tmpc.    To  check   for  the   syslog  problem,   look  for
	    "syslog(LOG_INFO, line);".
SOLUTION
	    An OpenBSD 2.7 security advisory was issued on 5 July - see
	
	        http://www.openbsd.org/security.html#27
	        http://www.openbsd.org/errata.html#mopd
	
	    Patches for NetBSD have also been written -- you may wish to  look
	    at
	
	        http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c
	
	    For FreBSD, deinstall  the old package  and install a  new package
	    dated after the correction date, obtained from:
	
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mopd-1.2b.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mopd-1.2b.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mopd-1.2b.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mopd-1.2b.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mopd-1.2b.tgz
	
	    For RedHat:
	
	        ftp://updates.redhat.com/powertools/6.2/sparc/mopd-linux-2.5.3-15.sparc.rpm
	        ftp://updates.redhat.com/powertools/6.2/alpha/mopd-linux-2.5.3-15.alpha.rpm
	        ftp://updates.redhat.com/powertools/6.2/i386/mopd-linux-2.5.3-15.i386.rpm
	        ftp://updates.redhat.com/powertools/6.2/SRPMS/mopd-linux-2.5.3-15.src.rpm
	
	    Conectiva Linux does not ship mopd.
Internet highlights

Casino Not On Gamstop