Subject: buffer overflow in some of pkgsrc
To: None <tech-security@netbsd.org, tech-pkg@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-security
Date: 12/08/1999 18:33:58
Date: Wed, 08 Dec 1999 18:33:58 +0900
Message-ID: <3693.944645638@coconut.itojun.org>

	(it may have been resent by security-officer, but just in case it
	was not)

	There was a possible buffer overflow in some of the pkgsrc collection
	we support.  They used an old uucplock() function, which used sprintf()
	with a short buffer.  A local user may be able to gain a shell with
	the "uucp" uid.  The affected pkgsrc are:
		pkgsrc/x11/xmindpath
		pkgsrc/graphics/camediaplay
		pkgsrc/misc/snooper

	Also, "dc3play" (DC-3 digital camera downloading tool) and "docomodoki"
	(phonebook downloader for Japanese cellphones) are affected (they are
	not in NetBSD pkgsrc).

	The pkgsrc are already fixed, either by using the latest version of
	the original distribution or by including a specific patch for it.
	Please upgrade to the latest version, like:
		xmindpath-1.06a
		camediaplay-19991202
		snooper-19991202
	by using the latest pkgsrc tree.  (Or you can disable the setuid bit on
	the installed binaries and run them as a privileged user.)

itojun
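
The class of fix described in the message above, as an added example that is not part of the original post and is not the code from any of the named packages: a lock-path builder that replaces sprintf() into a short buffer with a bounded, truncation-checked snprintf(). The function name build_lock_path, the lock directory, the "LCK.." prefix and the 32-byte buffer are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOCK_DIR    "/var/spool/lock"  /* assumed lock directory */
#define LOCK_PREFIX "LCK.."            /* conventional UUCP lock file prefix */

/*
 * Unsafe pattern of the kind the message describes (kept as a comment only):
 *     char path[32];
 *     sprintf(path, LOCK_DIR "/" LOCK_PREFIX "%s", ttyname);
 * sprintf() has no idea how large path is, so an over-long ttyname
 * writes past the end of the buffer in a setuid program.
 */

/*
 * Build the lock file path for ttyname into out (outlen bytes).
 * Returns 0 on success; -1 if the name is empty, contains '/', or the
 * result would not fit.  On failure out is left as an empty string.
 */
int build_lock_path(char *out, size_t outlen, const char *ttyname)
{
    int n;

    if (out == NULL || outlen == 0 || ttyname == NULL)
        return -1;
    out[0] = '\0';
    /* Extra hardening (assumption): only a bare device name is accepted. */
    if (ttyname[0] == '\0' || strchr(ttyname, '/') != NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s%s", LOCK_DIR, LOCK_PREFIX, ttyname);
    if (n < 0 || (size_t)n >= outlen) {   /* error or truncated: refuse */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];
    char longname[256];   /* constructed over-long input */
    int rc;

    memset(longname, 'A', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';
    rc = build_lock_path(path, sizeof(path), "tty00");
    printf("tty00: rc=%d path=%s\n", rc, path);
    printf("long:  rc=%d\n", build_lock_path(path, sizeof(path), longname));
    return 0;
}
```

Treating truncation as a hard failure matters here: a silently shortened lock name would lock the wrong file rather than the requested device.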