Date:      Fri, 12 Jul 1996 18:24:57 -0400 (EDT)
From:      Brian Tao <taob@io.org>
To:        Nate Williams <nate@mt.sri.com>
Cc:        Dan Polivy <danp@carebase3.jri.org>, freebsd-security@freebsd.org
Subject:   Re: is FreeBSD's rdist vulnerable?
Message-ID:  <Pine.NEB.3.92.960712182350.27070J-100000@zap.io.org>
In-Reply-To: <199607120423.WAA04487@rocky.mt.sri.com>

On Thu, 11 Jul 1996, Nate Williams wrote:
>
> I *just* made some sprintf() -> snprintf() changes to current's rdist.
> If I sent you the patches could you check them out and see if it fixes
> the bug?  They are pretty innocuous patches, and could be brought into
> -stable if it's not too late if it turns out they fix the bug.

    Sure, fire 'em over.  I suspect there are a lot of other programs
that may also have this type of vulnerability.  It's already been
exploited for syslog and rdist, but there are a hell of a lot of other
binaries that ship setuid root by default.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
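
Added example, not part of the original message and not taken from the rdist patches: a sketch of the sprintf() -> snprintf() conversion discussed above, showing that the bounded call's return value must also be checked so a truncated string is not used silently. The function names, the buffer size and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define PATHBUF 32  /* deliberately small so the constructed input exceeds it */

/* Pre-change pattern: sprintf() writes as many bytes as the inputs need,
 * regardless of the size of dst. Safe only if the caller has already
 * bounded dir and name. */
static void join_unbounded(char *dst, const char *dir, const char *name)
{
    sprintf(dst, "%s/%s", dir, name);
}

/* Post-change pattern: snprintf() never writes more than dstlen bytes
 * (including the NUL). It returns the length the full string would have
 * had, so a return value >= dstlen means the output was truncated.
 * Returns 0 on success, -1 on truncation or formatting error. */
static int join_bounded(char *dst, size_t dstlen, const char *dir, const char *name)
{
    int n = snprintf(dst, dstlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';   /* do not hand a truncated path to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[PATHBUF];
    char longname[41];       /* constructed sample input: 40 'A's */
    memset(longname, 'A', 40);
    longname[40] = '\0';

    join_unbounded(buf, "/tmp", "ok");  /* fits; longname would not */
    printf("unbounded (short input): %s\n", buf);

    if (join_bounded(buf, sizeof buf, "/tmp", longname) != 0)
        printf("bounded: rejected over-long name\n");
    if (join_bounded(buf, sizeof buf, "/tmp", "rdist.tmp") == 0)
        printf("bounded: %s\n", buf);
    return 0;
}
```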



