Wednesday, July 19, 2006

Mamnuts 1.8.3

WARNING:


A SECURITY BUG was found in Amnuts and Mamnuts. The bug exists in EVERY version of Amnuts and Mamnuts (before 1.8.3). So, if you don't want your talker, and the account it runs under, compromised, upgrade to Mamnuts 1.8.3.

2 Comments:

Anonymous said...

And I wonder which security bug this is...I guess I shall do a diff and find out though.

9:54 AM  
Anonymous said...

"SECURITY FIX: avoided a buffer overflow on .wizlist by removing it. Take in consideration that this bug puts your talker (and talker account) security in risk, and is present in ANY VERSION of Amnuts and Mamnuts!!! More information about this bug will be given by request."

Um--OK I am requesting this. I see no real buffer overflow unless you mean writing to fixed size stack allocated character arrays in a loop. Writing to such arrays is done all over the code (so you would be better to start over if you want to remove all those bugs)--take a look at almost every use of "ARR_SIZE" (and that is only some of them). Also remember normal users have no access to creating users that will be listed on the wizlist (so one untrusted user cannot make that list big enough to overflow the fixed stack variables). I noticed this patch mostly removed wizlist retire and unretire.

This is why my suggestion was to get a secure string handling library for a new talker development base (among other basic libraries). Using <string.h> and traditional C strings just opens up piles of security issues.

10:16 AM  
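
The pattern the second comment refers to, appending to a fixed-size stack array in a loop, shown next to a bounded alternative. This is an added example, not code from Amnuts or Mamnuts; the function names, the value of ARR_SIZE and the sample names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ARR_SIZE 64 /* assumed value; the page names the macro but not its size */

/* Risky pattern: strcat() never checks how much room is left in dst,
   so enough names (or long enough names) write past the array. */
void build_list_unsafe(char *dst, const char **names, size_t n) {
    dst[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        strcat(dst, names[i]);
        strcat(dst, " ");
    }
}

/* Bounded form: track the used length and refuse any entry that does not
   fit whole. Returns the number of names appended; a value below n tells
   the caller the list was truncated. */
size_t build_list_bounded(char *dst, size_t cap, const char **names, size_t n) {
    size_t used = 0, i;
    if (cap == 0) return 0;
    dst[0] = '\0';
    for (i = 0; i < n; i++) {
        size_t need = strlen(names[i]) + 1;   /* name plus separator */
        if (need >= cap - used) break;        /* keep one byte for the NUL */
        memcpy(dst + used, names[i], need - 1);
        dst[used + need - 1] = ' ';
        used += need;
        dst[used] = '\0';
    }
    return i;
}

int main(void) {
    /* Constructed sample data: 12 names of 9 characters need 120 bytes. */
    const char *names[12];
    char line[ARR_SIZE];
    for (size_t i = 0; i < 12; i++) names[i] = "wizard_xx";
    size_t done = build_list_bounded(line, sizeof line, names, 12);
    printf("appended %zu of 12 names, %zu bytes used\n", done, strlen(line));
    return 0;
}
```
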
