Security update for CVE-2008-3928.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3928

http://secunia.com/advisories/31658

Most advisories I have read on this one only talk about the file 'scripts/test.sh'. 'scripts/web.sh' seems vulnerable too, so I have patched for that case accordingly.

Ian McWilliam
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/honeyd/Makefile,v
retrieving revision 1.21
diff -u -r1.21 Makefile
--- Makefile    14 Feb 2008 21:36:27 -0000      1.21
+++ Makefile    13 Dec 2008 01:26:24 -0000
@@ -4,7 +4,7 @@
 
 COMMENT=       utility to create virtual hosts on a network
 DISTNAME=      honeyd-1.5c
-PKGNAME=       ${DISTNAME}p2
+PKGNAME=       ${DISTNAME}p3
 CATEGORIES=    net
 MASTER_SITES=  http://www.citi.umich.edu/u/provos/honeyd/ \
                http://niels.xtdnet.nl/honeyd/
Index: patches/patch-scripts_test_sh
===================================================================
RCS file: patches/patch-scripts_test_sh
diff -N patches/patch-scripts_test_sh
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-scripts_test_sh       13 Dec 2008 01:26:24 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+--- scripts/test.sh.orig       Sat Dec 13 11:52:43 2008
++++ scripts/test.sh    Sat Dec 13 12:05:09 2008
+@@ -1,8 +1,13 @@
+ DATE=`date`
+-echo "$DATE: Started From $1 Port $2" >> /tmp/log
++TMPFILE=`mktemp -q -t honeyd_test_log.XXXXXXXXXX`
++if [ $? -ne 0 ]; then
++      echo "test.sh: Unable to create log file. mktemp failed: $?"
++      exit 1;
++fi
++echo "$DATE: Started From $1 Port $2" >> $TMPFILE
+ echo SSH-1.5-2.40
+ while read name
+ do
+-      echo "$name" >> /tmp/log
++      echo "$name" >> $TMPFILE
+         echo "$name"
+ done
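Review bot: The failure message in the added `if` block always reports status 0, because inside the `then` branch `$?` holds the result of the `[ $? -ne 0 ]` test rather than that of mktemp. The same lines are added to scripts/web.sh in the next file. The message also goes to stdout, which in a honeyd service script is presumably the stream returned to the connecting peer, so it should go to stderr instead. I would fold the check into the assignment, `TMPFILE=$(mktemp -q -t honeyd_test_log.XXXXXXXXXX) || { echo "test.sh: mktemp failed" >&2; exit 1; }`, and quote both redirect targets as `>> "$TMPFILE"`.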
Index: patches/patch-scripts_web_sh
===================================================================
RCS file: patches/patch-scripts_web_sh
diff -N patches/patch-scripts_web_sh
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-scripts_web_sh        13 Dec 2008 01:26:24 -0000
@@ -0,0 +1,23 @@
+$OpenBSD$
+--- scripts/web.sh.orig        Sat Dec 13 12:06:02 2008
++++ scripts/web.sh     Sat Dec 13 12:08:17 2008
+@@ -1,5 +1,10 @@
+ #!/bin/sh
+ REQUEST=""
++TMPFILE=`mktemp -q -t honeyd_web_log.XXXXXXXXXX`
++if [ $? -ne 0 ]; then
++      echo "web.sh: Unable to create log file. mktemp failed: $?"
++      exit 1;
++fi
+ while read name
+ do
+       LINE=`echo "$name" | egrep -i "[a-z:]"`
+@@ -7,7 +12,7 @@ do
+       then
+               break
+       fi
+-      echo "$name" >> /tmp/log
++      echo "$name" >> $TMPFILE
+       NEWREQUEST=`echo "$name" | grep "GET .scripts.*cmd.exe.*dir.* HTTP/1.0"`
+       if [ ! -z "$NEWREQUEST" ] ; then
+               REQUEST=$NEWREQUEST
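Review bot: Every connection handled by web.sh now creates its own randomly named `honeyd_web_log.*` file, which is never removed and whose name is recorded nowhere. Captured requests end up scattered, and a peer that opens many connections can fill the temporary directory. mktemp does remove the predictable `/tmp/log` name, but a single log file in a directory writable only by the account honeyd runs as would do the same and keep one log; the exact path is a packaging decision. The added line `echo "$name" >> $TMPFILE` also passes remote input through echo, so `printf '%s\n' "$name" >> "$TMPFILE"` would be more robust for lines that start with `-n` or contain backslashes. The `while` loop body continues outside the inner hunks shown here.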
