Hello,
I failed concentrating on my university essay ;) I've done some work on it, but I've
also audited more stuff, resulting in DSA-700 and DSA-706. Number 700 is an XSS bug
in mailreader, that occurs because it uses spaces at the end of tags to signify that
they're OK but it forgets to remove tags that come in from the network with spaces
at the end. Number 706 is a stack-based remote buffer overflow in axel when handling
redirects. (More details can be found in my Advogato diary at
http://advogato.org/person/metaur/ .) Neither mailreader nor axel look especially secure,
so I'm sure someone who spends more time auditing them will find other vulnerabilities.
I have also found and filed some bugs:
#302273 (format strings cause crashes in didiwiki)
#302454 (trackballs follows symlinks as gid games)
#304525 (ilohamail has multiple XSS bugs)
#305255 (gzip (!!) has a directory traversal bug when using "gunzip -N")
The new OpenBSD song is out now BTW ;)
http://www.openbsd.org/lyrics.html#37
// Ulf Härnhammar
Received on Wed Apr 20 2005 - 16:43:27 BST