From owner-freebsd-stable Sat Nov 9 13:22:16 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3166C37B401 for ; Sat, 9 Nov 2002 13:22:15 -0800 (PST) Received: from obsecurity.dyndns.org (adsl-63-207-60-146.dsl.lsan03.pacbell.net [63.207.60.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9FAF743E42 for ; Sat, 9 Nov 2002 13:22:14 -0800 (PST) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id 210B166B5E; Sat, 9 Nov 2002 13:22:14 -0800 (PST) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id 0539F118B; Sat, 9 Nov 2002 13:23:59 -0800 (PST) Date: Sat, 9 Nov 2002 13:23:58 -0800 From: Kris Kennaway To: Dario Freni Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Buffer overflow in /usr/bin/dialog Message-ID: <20021109212358.GE32110@rot13.obsecurity.org> References: <20021109200522.3a05171a.saturnero@freesbie.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="9crTWz/Z+Zyzu20v" Content-Disposition: inline In-Reply-To: <20021109200522.3a05171a.saturnero@freesbie.org> User-Agent: Mutt/1.4i Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --9crTWz/Z+Zyzu20v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Nov 09, 2002 at 08:05:22PM +0100, Dario Freni wrote: > I've just reported the bug here: >=20 > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D45168 >=20 > Please test and let me know if you have the same problem. Yes, it's a known problem. dialog (or libdialog) should never be used in privileged situations because it is chock full of buffer overflows. It would be a fairly large effort to fix all the problems. Nothing in the base system is affected by these problems. Kris --9crTWz/Z+Zyzu20v Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE9zXzuWry0BWjoQKURAk9FAKDNYZDA0YkVdkh0dluUO5mwoy3krwCgzMlO zSqd9egtPQ/dpMfuAPxej/w= =2wnt -----END PGP SIGNATURE----- --9crTWz/Z+Zyzu20v-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message