From nobody@FreeBSD.org  Sun Apr  8 01:07:48 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 40A7A16A403
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  8 Apr 2007 01:07:48 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 192C313C455
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  8 Apr 2007 01:07:48 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l3817lqJ034105
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 8 Apr 2007 01:07:47 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l3812kUo032520;
	Sun, 8 Apr 2007 01:02:46 GMT
	(envelope-from nobody)
Message-Id: <200704080102.l3812kUo032520@www.freebsd.org>
Date: Sun, 8 Apr 2007 01:02:46 GMT
From: Jeff Forsythe<tornandfilthy2006@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: CVE-2007-1719 - mcweject buffer overflow
X-Send-Pr-Version: www-3.0

>Number:         111363
>Category:       ports
>Synopsis:       CVE-2007-1719 - mcweject buffer overflow
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 08 01:10:01 GMT 2007
>Closed-Date:    Sun Apr 08 01:47:50 GMT 2007
>Last-Modified:  Sun Apr 08 01:48:14 GMT 2007
>Originator:     Jeff Forsythe
>Release:        6.2
>Organization:
>Environment:
>Description:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1719


Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name.


----

Didn't see any bug reports or responses from FreeBSD, thought I'd check if this was known, and if a fix is in place.
>How-To-Repeat:
Exploit: http://milw0rm.com/exploits/3578
>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Sun Apr 8 01:47:26 UTC 2007 
State-Changed-Why:  
Duplicate of ports/111365. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=111363 
Responsible-Changed-From-To: freebsd-bugs->freebsd-ports-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Apr 8 01:47:54 UTC 2007 
Responsible-Changed-Why:  
Fix assignment. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=111363 
>Unformatted:
