From owner-FreeBSD-users-jp@jp.freebsd.org  Tue Mar 21 11:50:56 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id LAA64240;
	Tue, 21 Mar 2000 11:50:56 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from sraigw.sra.co.jp (sraigw.sra.co.jp [202.32.10.2])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id LAA64225;
	Tue, 21 Mar 2000 11:50:54 +0900 (JST)
	(envelope-from m-kasahr@sra.co.jp)
Received: from srapc517.sra.co.jp (srapc517 [133.137.20.77])
	by sraigw.sra.co.jp (8.8.7/3.7W-sraigw) with ESMTP id LAA16795;
	Tue, 21 Mar 2000 11:50:54 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by srapc517.sra.co.jp (Postfix) with ESMTP
	id 9BC7519327; Tue, 21 Mar 2000 11:50:53 +0900 (JST)
To: ports-jp@jp.freebsd.org
Cc: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <20000317101413.B18885@amalthea.phys.s.u-tokyo.ac.jp>
References: <90722.953184656@ideon.st.ryukoku.ac.jp>
	<200003161240.VAA93177@sakura.mk.bsdclub.org>
	<20000317101413.B18885@amalthea.phys.s.u-tokyo.ac.jp>
X-Mailer: Mew version 1.94.1 on Emacs 20.4 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20000321115053Q.m-kasahr@srapc517.sra.co.jp>
Date: Tue, 21 Mar 2000 11:50:53 +0900 (JST)
From: Motoyuki Kasahara <m-kasahr@sra.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 60
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 50667
Subject: [FreeBSD-users-jp 50667] Re: [ports-jp 9107] delegate (was Re: japanese/mh
 =?ISO-2022-JP?B?GyRCJVElQyUxITwlOCRIGyhC?=
 FreeBSD Security Advisory:  FreeBSD-SA-00:07.mh)
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: m-kasahr@sra.co.jp

$B3^86$G$9!#(B
$B:G6a$N(B FreeBSD SA $B$NH/9TIQEY$r$_$k$H!"L@F|$O2f$,?H$+(B...$B$H$A$g$C(B
$B$H%S%S$C$F$^$9!#(B

* From: Kawaguti Ginga <ginga@amalthea.phys.s.u-tokyo.ac.jp>
* Date: Fri, 17 Mar 2000 10:14:13 +0900

> port $B$N(B net/delegate $B$b$A$g$C$H0JA0$N(B "security advisory" $B$G(B
> $B4m81$N_`0u$r2!$5$l$F$7$^$C$F$$$F8=:_$b$=$N$^$^$N$h$&$J$N$G$9$,(B
> delegate ML $B$K$=$l$K4X$9$k<ALd$,$$$/$D$+$G$F(B
> $B:n<T$N:4F#$5$s$N8+2r$H$7$F$O!"6qBNE*$J;XE&$,$J$K$b$J$$$N$G(B
> $BNI$/J,$+$i$J$$$,!"$3$N(B SA $B$,$b$H%M%?$K$7$F$$$k>pJs$O$*$=$i$/(B
> $B$@$$$V0JA0$K(B(version 5.9.x $B$N:"(B?; $B8=:_$O(B 6.1.2) 
> debian $B$J$I$G;XE&$5$l$?$b$N$G=$@5:Q$N$b$N$@$m$&!"$H$$$&$3$H$G$7$?!#(B

DeleGate $B$rHsFq$9$k$D$b$j$O$J$$$N$G$9$,!"%=!<%9%3!<%I$r(B ($B$8$C$/$j(B
$BFI$s$@$o$1$8$c$J$$$s$G$9$,(B) $BD/$a$F$$$k$H5$$E$/$N$O(B

        char forwarded[256],received_by[256];
        char *auth,atype[128],genauth[256];
        char buf[1024],buf2[1024];

$B$N$h$&$J!"D9$5$r7h$aBG$A$7$?J8;zNsMQNN0h$rMQ0U$7$F$$$k$3$H$,<B$K(B
$BB?$/!"$=$N0lIt$O(B sprintf() $B$J$I$G(B

	sprintf(genauth,"%s %s",atype,buf);

$B$H$$$C$?=q$-9~$_$r$7$F$$$k$3$H$G$9!#(B
($B$3$NNc$O(B genProxyReqFields() $B$h$j!#JL$KA0$+$i$3$NItJ,$r5?Ld$K;W$C(B
$B$F$?$o$1$8$c$J$/$F!"E,Ev$JNc$O$J$$$+$HC5$7$?$i$[$I$J$/$7$F8+$D$+$j(B
$B$^$7$?!#(B)

$B$?$H$($3$&$7$?5-=R$rB?MQ$7$F$$$F$b!"%*!<%P!<%i%sBP:v$O%-%C%A%j$d$C(B
$B$F$*$i$l$k$N$+$bCN$l$^$;$s$,!"FI$`<T$rIT0B$K$5$;$k$K$O==J,$J0u>](B
$B$rM?$($k$N$G$O$J$$$+$H;W$$$^$9!#(B

$B$?$H$($P>e$NNc$J$i!"(Bgenauth[] $B$O:GBg(B 256 $B%P%$%H$J$N$K!"(Bbuf[] $B$O(B
1024 $B%P%$%HMQ0U$7$F$$$k$s$G$9$h$M!#D9$5$O2?=h$+$G%A%'%C%/$7$F$$$k(B
$B$N$+$J$!$H;W$$$D$D!"4JC1$K$OJ,$+$j$=$&$b$J$$$7!";~4V$+$1$FD4$Y$k(B
$BM>M5$b$J$$$N$G!"(B

		  $B8+$J$+$C$?$3$H$K$7$^$9(B....$B!#(B(--;)

Security Advisory $B$NI.<T$,<!$N$h$&$J5-=R$r$7$F$$$k$N$b!"FCDj$NLd(B
$BBjE@$K$D$$$F$G$O$J$/!"$3$&$7$?%=!<%9%3!<%I$NJ70O5$$rSL$.$H$C$?$+(B
$B$i$G$O$J$$$+$H;W$($?$N$G$9$,!"$=$&$8$c$"$J$$$s$G$7$g$&$+!#(B

| Unfortunately it is
| written in a very insecure style, with potentially dozens of different
| exploitable buffer overflows (including several demonstrated ones),

| Unfortunately no simple fix is available - the problems with the delegate
| software are too endemic to be fixed by a simple patch.

$B$H$O$$$(!"(BSecurity Advisory $B=q$$$F@$3&Cf$K%"%J%&%s%9$9$k$+$i$K$O!"(B
$B!VIT0B$@$+$i!W$8$c$J$/$F$A$c$s$H8!>Z$7$J$$$H$$$1$J$$$H$O;W$$$^$9(B
$B$1$I!#(B
________________________________________________________________
                                    $B3^86(B $B4pG7(B($B$+$5$O$i(B $B$b$H$f$-(B)

