Date: Sat, 13 Jan 2001 15:41:44 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: [!H] Tcpdump 3.5.2 remote root vulnerability (fwd)
Message-ID: <20010113154144.A2379@citusc.usc.edu>
In-Reply-To: <200101131323.f0DDNX518734@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Sat, Jan 13, 2001 at 05:23:22AM -0800
References: <20010112184529.B25168@citusc.usc.edu> <200101131323.f0DDNX518734@cwsys.cwsent.com>

On Sat, Jan 13, 2001 at 05:23:22AM -0800, Cy Schubert - ITSD Open Systems Group wrote:

> I do recall the advisory which mainly patches some calls from sprintf()
> to snprintf(), however the advisory from BUGTRAQ that I had forwarded
> to this list patches two calls to sscanf(). Are you saying that we
> tackled the same problem differently or did we just fix a different
> buffer overrun condition?

I believe it attempts to fix one of the problems we fixed (but does it incorrectly, by truncating a string to 127 bytes which may legitimately be up to 2048 bytes long in the real world)

> If this is a different problem, there are two other sscanf's in
> print-atalk.c that were not discussed in the advisory that need fixing.

These are not exploitable: they read from /etc/atalk.names which is root-owned, and even then the buffers are sized such that they can't be overflowed.

Kris
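
An added illustration of the trade-off raised in the reply above (not code from tcpdump, the BUGTRAQ advisory, or either poster): two width-bounded sscanf() reads, one capped at 127 bytes and one at 2048. Neither can overflow its buffer, but only the second keeps a long legitimate value intact. All function names and the sample input are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define PATCH_MAX 127    /* truncation length mentioned in the message */
#define REAL_MAX  2048   /* legitimate maximum mentioned in the message */
#define STR_(x) #x
#define STR(x) STR_(x)   /* turns a numeric macro into a format width */

/* Bounded but undersized: cannot overflow, silently cuts long values.
 * out must hold PATCH_MAX + 1 bytes. Returns bytes stored. */
size_t parse_truncating(const char *line, char *out)
{
    out[0] = '\0';
    return sscanf(line, "%" STR(PATCH_MAX) "s", out) == 1 ? strlen(out) : 0;
}

/* Bounded to the real maximum: cannot overflow, keeps the whole value.
 * out must hold REAL_MAX + 1 bytes. Returns bytes stored. */
size_t parse_full(const char *line, char *out)
{
    out[0] = '\0';
    return sscanf(line, "%" STR(REAL_MAX) "s", out) == 1 ? strlen(out) : 0;
}

/* Constructed sample input: one token of n 'A' bytes, clamped to REAL_MAX. */
static void make_token(char *buf, size_t n)
{
    if (n > REAL_MAX)
        n = REAL_MAX;
    memset(buf, 'A', n);
    buf[n] = '\0';
}

size_t stored_by_truncating(size_t n)
{
    char in[REAL_MAX + 1], out[PATCH_MAX + 1];
    make_token(in, n);
    return parse_truncating(in, out);
}

size_t stored_by_full(size_t n)
{
    char in[REAL_MAX + 1], out[REAL_MAX + 1];
    make_token(in, n);
    return parse_full(in, out);
}

int main(void)
{
    printf("300-byte value, %%127s keeps %zu bytes\n", stored_by_truncating(300));
    printf("300-byte value, %%2048s keeps %zu bytes\n", stored_by_full(300));
    return 0;
}
```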