Date: Tue, 10 Oct 2000 20:20:49 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Steve Reid <sreid@sea-to-sky.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ncurses buffer overflows (fwd) Message-ID: <Pine.BSF.4.21.0010102017500.4625-100000@achilles.silby.com> In-Reply-To: <20001010175835.E9112@grok>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Oct 2000, Steve Reid wrote: > BTW, the above is relative to the exploit Przemyslaw Frasunek posted to > bugtraq. The one he posted to freebsd-security, the line was: > > /usr/sbin/chgrp kmem /tmp/csh > > Which also doesn't work because chgrp is in /usr/bin, not /usr/sbin. > > This just goes to show, that just because an exploit script doesn't > work for you, doesn't mean that you are not vulnerable. Assume the > worst! Damn, it works now. Thanks for the heads up. (I can't actually get /tmp/csh to execute, but that seems unimportant at this point.) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010102017500.4625-100000>