Date: Thu, 17 Jan 2002 11:30:55 +0900 (JST) From: Koga Youichirou <y-koga@jp.FreeBSD.org> To: freebsd-security@FreeBSD.ORG Subject: at command heap corruption vuln. Message-ID: <20020117.113055.130199478.y-koga@jp.FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Debian and SuSE announced that "at" command leads into a heap corruption. Does anyone know if this problem affects FreeBSD? Debian: http://www.debian.org/security/2002/dsa-102 SuSE: http://www.linuxsecurity.com/advisories/suse_advisory-1817.html Debian's patch: http://security.debian.org/dists/stable/updates/main/source/at_3.1.8-10.1.diff.gz Debian's at seems to be same origin with FreeBSD, and free() part in this patch (about check_for_user()) is identical with FreeBSD. -- Koga, Youichirou PS There are other problems, I think creat() and open() in at.c should be exclusive. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020117.113055.130199478.y-koga>