The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #360 [Returned mail: User unknown] (1 message, 1811 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/360.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Mailer-Daemon
To: [not phage]
Date: Wed 17:26:32 21/12/1988 EST
Subject: Returned mail: User unknown

   ----- Transcript of session follows -----
550 qfAA05968: line 29: phage-global@uther... User unknown: Invalid argument
550 qfAA05968: line 51: phage-archive@uther... User unknown: Invalid argument

   ----- Unsent message follows -----
Received: by uther.cs.purdue.edu (3.2/SMI-4.0)
	id AA05968; Wed, 21 Dec 88 17:24:27 EST
Resent-Date: Wed, 21 Dec 88 16:43:41 EST
Resent-From: spaf (Gene Spafford)
Resent-Message-Id: <8812212224.AA05968@uther.cs.purdue.edu>
Resent-To: phage-people
Return-Path: poepping@cert.sei.cmu.edu
Return-Path: <poepping@cert.sei.cmu.edu>
Received: from arthur.cs.purdue.edu by uther.cs.purdue.edu (3.2/SMI-4.0)
	id AA05929; Wed, 21 Dec 88 17:18:46 EST
Received: from cert.sei.cmu.edu by arthur.cs.purdue.edu; (5.54/3.16)
	id AA03703; Wed, 21 Dec 88 17:18:38 EST
Received: by cert.sei.cmu.edu (5.54/2.3)
        id AA07992; Wed, 21 Dec 88 16:43:43 EST
Message-Id: <8812212143.AA07992@cert.sei.cmu.edu>
To: cert-contact@cert.sei.cmu.edu
Cc: cert@cert.sei.cmu.edu
Subject: V1.74 (security problem in passwd)
Date: Wed, 21 Dec 88 16:43:41 EST
From: Mark Poepping <poepping@cert.sei.cmu.edu>
Reply-To: Mark Poepping <poepping@cert.sei.cmu.edu>
Send-Submissions-To: phage@cs.purdue.edu
Send-Requests-To: phage-request@cs.purdue.edu


The CERT center received the following information from Keith Bostic
at the Computer Systems Research Group at UC-Berkeley shortly after
noon EST today (12/21).  This note has also been posted to
comp.bugs.4bsd.ucb-fixes.

cert@sei.cmu.edu

------------------

Subject: security problem in passwd
Index: bin/passwd.c 4.3BSD

Description:
	There's a security problem associated with the passwd(1)
	program in all known Berkeley systems.  This problem is
	also in most Berkeley derived systems, see your vendor
	for more information.

Fix:
	Apply the following patch to the file src/bin/passwd.c and
	recompile/reinstall it.

*** passwd.c.orig	Wed Dec 21 08:57:41 1988
--- passwd.c	Wed Dec 21 09:00:25 1988
***************
*** 332,337 ****
--- 332,339 ----
  	return (crypt(pwbuf, saltc));
  }
 
+ #define	STRSIZE	100
+
  char *
  getloginshell(pwd, u, arg)
  	struct passwd *pwd;
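Review bot: `#define STRSIZE 100` is added without a comment saying what it bounds or why the value is 100. The later hunks use it to size `newshell`, `in_str` and (times four) `answer` and as the `fgets` limit, so the whole fix rests on this one number. Presumably it was chosen so that a rebuilt password-file entry stays comfortably short, but the advisory does not say. I would add a comment above it such as `/* upper bound on each user-supplied field; all field buffers and fgets() limits derive from it */`. The body of getloginshell continues outside this hunk.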
***************
*** 338,344 ****
  	int u;
  	char *arg;
  {
! 	static char newshell[BUFSIZ];
  	char *cp, *valid, *getusershell();
 
  	if (pwd->pw_shell == 0 || *pwd->pw_shell == '\0')
--- 340,346 ----
  	int u;
  	char *arg;
  {
! 	static char newshell[STRSIZE];
  	char *cp, *valid, *getusershell();
 
  	if (pwd->pw_shell == 0 || *pwd->pw_shell == '\0')
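Review bot: Shrinking `newshell` from `BUFSIZ` to `STRSIZE` bytes is only safe if every write into it is bounded by the new size, and the code that fills it lies outside this hunk. A read or copy that still passes `BUFSIZ` as its limit, as the `fgets` calls in getfingerinfo did before this patch, would now overrun a 100-byte static buffer. Confirm that the writes are expressed through the array itself, e.g. `fgets(newshell, sizeof newshell, stdin)`, and that `arg` is length-checked before it is copied in.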
***************
*** 415,423 ****
  getfingerinfo(pwd)
  	struct passwd *pwd;
  {
! 	char in_str[BUFSIZ];
  	struct default_values *defaults, *get_defaults();
! 	static char answer[4*BUFSIZ];
 
  	answer[0] = '\0';
  	defaults = get_defaults(pwd->pw_gecos);
--- 417,425 ----
  getfingerinfo(pwd)
  	struct passwd *pwd;
  {
! 	char in_str[STRSIZE];
  	struct default_values *defaults, *get_defaults();
! 	static char answer[4*STRSIZE];
 
  	answer[0] = '\0';
  	defaults = get_defaults(pwd->pw_gecos);
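Review bot: `answer[4*STRSIZE]` is sized for four fields read through `in_str`, but the defaults that `get_defaults` derives from `pwd->pw_gecos` are not visibly limited to `STRSIZE`, and the code that assembles `answer` is outside this hunk. If a default accepted through `special_case` is appended without a length check, an over-long existing gecos entry could exceed `answer`, so each append should be verified against `sizeof answer`. A comment on the declaration such as `/* four fields of at most STRSIZE-2 characters each, plus separators */` would record the sizing assumption.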
***************
*** 429,435 ****
  	 */
  	do {
  		printf("\nName [%s]: ", defaults->name);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->name))
  			break;
  	} while (illegal_input(in_str));
--- 431,437 ----
  	 */
  	do {
  		printf("\nName [%s]: ", defaults->name);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->name))
  			break;
  	} while (illegal_input(in_str));
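Review bot: The result of `fgets` is discarded with `(void)`, so at end-of-file `in_str` is left unmodified and is still passed to `special_case` and `illegal_input`; at the first prompt it is an uninitialised automatic array. The same pattern recurs in the Room number, Office Phone and Home Phone hunks. Check the result and tie the limit to the buffer, `if (fgets(in_str, sizeof in_str, stdin) == NULL) exit(1);`, so a later change to the array size cannot drift from the read bound. This loop is inside getfingerinfo, which starts and ends outside the hunk.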
***************
*** 440,446 ****
  	do {
  		printf("Room number (Exs: 597E or 197C) [%s]: ",
  			defaults->office_num);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->office_num))
  			break;
  	} while (illegal_input(in_str) || illegal_building(in_str));
--- 442,448 ----
  	do {
  		printf("Room number (Exs: 597E or 197C) [%s]: ",
  			defaults->office_num);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->office_num))
  			break;
  	} while (illegal_input(in_str) || illegal_building(in_str));
***************
*** 452,458 ****
  	do {
  		printf("Office Phone (Ex: 6426000) [%s]: ",
  			defaults->office_phone);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->office_phone))
  			break;
  		remove_hyphens(in_str);
--- 454,460 ----
  	do {
  		printf("Office Phone (Ex: 6426000) [%s]: ",
  			defaults->office_phone);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->office_phone))
  			break;
  		remove_hyphens(in_str);
***************
*** 464,470 ****
  	 */
  	do {
  		printf("Home Phone (Ex: 9875432) [%s]: ", defaults->home_phone);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->home_phone))
  			break;
  		remove_hyphens(in_str);
--- 466,472 ----
  	 */
  	do {
  		printf("Home Phone (Ex: 9875432) [%s]: ", defaults->home_phone);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->home_phone))
  			break;
  		remove_hyphens(in_str);
***************
*** 501,507 ****
  	if (input_str[length-1] != '\n') {
  		/* the newline and the '\0' eat up two characters */
  		printf("Maximum number of characters allowed is %d\n",
! 			BUFSIZ-2);
  		/* flush the rest of the input line */
  		while (getchar() != '\n')
  			/* void */;
--- 503,509 ----
  	if (input_str[length-1] != '\n') {
  		/* the newline and the '\0' eat up two characters */
  		printf("Maximum number of characters allowed is %d\n",
! 			STRSIZE-2);
  		/* flush the rest of the input line */
  		while (getchar() != '\n')
  			/* void */;
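Review bot: The flush loop `while (getchar() != '\n')` never terminates once stdin reaches end-of-file, because `getchar` keeps returning `EOF`; in a privileged program this leaves the process spinning. Keep the character and test both conditions: `int c;` then `while ((c = getchar()) != '\n' && c != EOF)`. Separately, `input_str[length-1]` indexes before the buffer if `length` can be 0; how `length` is computed is outside this hunk, so that needs checking in the part of the function not shown here.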

END OF DOCUMENT