| subject: | Re: Yo Mike |
From: Mike '/m'

Yeah, I saw that on the security-announce mailing list for OpenBSD late this afternoon. They are currently exploring the ramifications of it to see if it is exploitable (especially if it is remotely exploitable). My DSL firewall has already been patched as of about 6pm this evening. The proactive propolice work they did for version 3.3 may pay off for this one.

/m

On Mon, 4 Aug 2003 21:58:35 -0400, "Geo." wrote:

>this is rare, from the security lists:
>
>From the OpenBSD Security List:
>
>An off-by-one error exists in the C library function realpath(3).
>This is the same bug that was recently found in the wu-ftpd ftpd
>server by Janusz Niewiadomski and Janusz Niewiadomski.
>
>The OpenBSD ftp daemon does not use realpath(3) in a way that could
>be exploited, however a number of other system binaries also use
>the function. It is not currently known whether or not this bug
>results in an exploitable security hole on OpenBSD. Since the bug
>led to an exploitable hole in wu-ftpd, it is entirely possible that
>some program using realpath(3) under OpenBSD may be vulnerable to
>attack. For OpenBSD 3.3 and higher, the ProPolice stack protector
>should provide some protection from this bug, but this cannot be
>guaranteed.
>
>This bug has been fixed in OpenBSD-current as well as the 3.2 and
>3.3 stable branches. Patches are available for OpenBSD 3.2 and 3.3.
>
>Patch for OpenBSD 3.2:
>ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.2/common/015_realpath.patch
>
>Patch for OpenBSD 3.3:
>ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch
>
>For versions of OpenBSD prior to 3.2, users may simply fetch
>the current revision of realpath.c from:
> ftp://ftp.OpenBSD.org/pub/OpenBSD/src/lib/libc/stdlib/realpath.c
>then rebuild and install libc with the new realpath.c.
>
>For more details, see the description of the wu-ftpd fp_realpath bug:
> http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
>

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 106/1 2000 633/267
| SOURCE: echomail via fidonet.ozzmosis.com | |