Date: Mon, 5 Aug 1996 00:20:29 +0000 () From: "Sociedade Brasileira de Quimica/Admin" <sbqadm@sbq.org.br> To: security@freebsd.org Subject: rlogin vulnerability? Message-ID: <199608050020.AAA04628@www.sbq.org.br>
next in thread | raw e-mail | index | archive | help
Hello
Sorry if this is a very stupid question but someone from
the Linux camp told me FreeBSD may be vulnerable, also, to the following
Linux security hole:
>From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
To: linux-security@tarsier.cv.nrao.edu
Cc: linux-alert@tarsier.cv.nrao.edu
Subject: [linux-alert] LSF Update#11: Vulnerability of rlogin
Date: Tue, 30 Jul 1996 18:11:00 -0400
[...]
=============================================================================
ABSTRACT
A vulnerability exists in the rlogin program of NetKitB-0.6
This vulnerability affects several widely used Linux
distributions, including RedHat Linux 2.0, 2.1 and derived
systems including Caldera Network Desktop, Slackware 3.0 and
others. This vulnerability is not limited to Linux or any
other free UNIX systems. Both the information about this
vulnerability and methods of its expolit were made available
on the Internet.
RISK ASSESMENT
Local and remote users could gain super-user priviledges
Looking the diff between the patched Netkit and the previous one the guy
found things like:
ping.c - pr_addr(l)
998c998
< (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
---
> (void)snprintf(buf, 75, "%s", inet_ntoa(*(struct in_addr
*)&l));1000c1000
< (void)sprintf(buf, "%s (%s)", hp->h_name,
---
> (void)snprintf(buf, 75, "%s (%s)", hp->h_name,
as FreeBSD (2.1.0 at least) has the same code for pr_addr(l) he concluded
it has the same vulnerability.
Thanks for any info on this
Pedro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608050020.AAA04628>