COMMAND

    mars_nwe

SYSTEMS AFFECTED

    mars_nwe 0.99pl19

PROBLEM

    Przemyslaw Frasunek posted the following. Mars_nwe 0.99.pl19 is
    vulnerable to a remote format string vulnerability that allows
    gaining superuser privileges from DOS/Windows workstations attached
    to the mars server.

SOLUTION

    Here is the patch:

    --- tools.c.orig	Fri Jan 26 22:46:34 2001
    +++ tools.c	Fri Jan 26 22:46:59 2001
    @@ -189,7 +189,7 @@
             sprintf(identstr, "%s %d %3d", get_debstr(0),
                                act_connection, act_ncpsequence);
             openlog(identstr, LOG_CONS, LOG_DAEMON);
    -        syslog(LOG_DEBUG, buf);
    +        syslog(LOG_DEBUG, "%s", buf);
             closelog();
           } else {
             int l=strlen(buf);
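
    Review bot: the sprintf() into identstr in the context lines at the
    top of this hunk is unbounded, and its first field comes from
    get_debstr(0). The change to syslog(LOG_DEBUG, "%s", buf) is right,
    but if identstr is a fixed-size array this call should become
    snprintf(identstr, sizeof(identstr), ...) in the same change so the
    ident string cannot overrun the buffer.
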
    @@ -249,7 +249,7 @@
         }
         sprintf(identstr, "%s %d %3d", get_debstr(0), act_connection, act_ncpsequence);
         openlog(identstr, LOG_CONS, LOG_DAEMON);
    -    syslog(prio, buf);
    +    syslog(prio, "%s", buf);
         closelog();
         if (!mode) return;
         lologfile=stderr;
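
    Review bot: this is a second copy of the sprintf/openlog/syslog/
    closelog sequence from the first hunk, and the format-string bug had
    to be fixed separately at each site. Fold the sequence into one
    helper that takes the priority and buf and always calls
    syslog(prio, "%s", buf), so a later edit cannot reintroduce the
    bare-buf form at one site only. The path after "if (!mode) return;"
    that sets lologfile=stderr continues outside this hunk and should be
    checked for the same pattern wherever buf is written out.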

    For FreeBSD:

        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mars_nwe-0.99.b19_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mars_nwe-0.99.b19_1.tgz
        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mars_nwe-0.99.b19_1.tgz