Date: Mon, 5 Aug 1996 16:00:05 -0400 (EDT)
From: Brian Mitchell <brian@saturn.net>
To: Ollivier Robert <roberto@keltia.freenix.fr>
Cc: Sociedade Brasileira de Quimica/Admin <sbqadm@sbq.org.br>, security@freebsd.org
Subject: Re: rlogin vulnerability?
Message-ID: <Pine.LNX.3.91.960805155920.59A-100000@tcpip>
In-Reply-To: <199608050458.GAA08545@keltia.freenix.fr>

On Mon, 5 Aug 1996, Ollivier Robert wrote:

> According to Sociedade Brasileira de Quimica/Admin:
> > ping.c - pr_addr(l)
>
> Interestingly enough, the diff is about ping, not rlogin. Anyway, it was
> fixed a while ago in 2.2-CURRENT:
>
> ----------------------------
> revision 1.6
> date: 1996/07/28 20:29:10; author: peter; state: Exp; lines: +3 -2
> Limit the risk of `buf' overrun in ping.c when printing hostnames.
>
> Note, this is not really a security risk, because the buffer in question
> is a static variable in the data segment and not on the stack, and hence
> cannot subvert the flow of execution in any way. About the worst case was
> that if you pinged a long hostname, ping could coredump.

This is not true, the function is not used when you enter a hostname. It
is used when you get a non-echoreply packet when you are in -v mode, that's
the only time it is called.

Brian Mitchell                                  brian@saturn.net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
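
An added illustration, not code from ping.c or from anyone in this thread: one way to format a looked-up hostname and its address into a static buffer so that a long name is cut rather than overrunning `buf`. The function name `format_addr`, the 80-byte buffer size and the sample addresses are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define ADDR_BUF_LEN 80   /* assumed size; the thread does not give the real one */

/*
 * Hypothetical stand-in for a hostname-printing helper: formats
 * "name (a.b.c.d)" into a static buffer without writing past its end.
 * `name` is the result of a reverse lookup, so its length is not under the
 * caller's control; it may be NULL when the lookup fails.
 * *truncated is set to 1 when the output had to be cut.
 */
static const char *format_addr(const char *name, const char *dotted, int *truncated)
{
    static char buf[ADDR_BUF_LEN];
    int n;

    *truncated = 0;
    if (name == NULL || *name == '\0') {
        n = snprintf(buf, sizeof(buf), "%s", dotted);
    } else {
        /* Reserve room for " (dotted)" so the address survives a long name. */
        size_t suffix = strlen(dotted) + 3;        /* space and two parentheses */
        size_t room = sizeof(buf) - 1;             /* keep one byte for the NUL */
        int max_name = suffix < room ? (int)(room - suffix) : 0;

        if (strlen(name) > (size_t)max_name)
            *truncated = 1;
        n = snprintf(buf, sizeof(buf), "%.*s (%s)", max_name, name, dotted);
    }
    if (n < 0)
        buf[0] = '\0';                             /* encoding error: empty result */
    else if ((size_t)n >= sizeof(buf))
        *truncated = 1;                            /* snprintf had to cut the output */
    return buf;
}

int main(void)
{
    char longname[301];                            /* constructed oversized hostname */
    int cut;

    memset(longname, 'a', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';
    printf("%s\n", format_addr("host.example", "192.0.2.1", &cut));
    printf("%s (truncated=%d)\n", format_addr(longname, "192.0.2.1", &cut), cut);
    return 0;
}
```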