Date: Tue, 7 Dec 1999 12:05:53 -0500 (EST)
From: tstromberg@rtci.com
To: freebsd-audit@freebsd.org
Subject: 10 more overflows (minor)
Message-ID: <84723845.944586353513.JavaMail.chenresig@karma>

I found another 10 minor overflows today. I'm about to put up a webpage with a nice table as far as what's been discovered/fixed/etc, hope to have it up by tomorrow. If you have fixed an exploit I have found, please tell me so I can do a retest on it and mark it off as fixed. Many of these programs are bound to have multiple overflows, so I'll have to retest them later. I'm reposting all of them for some people new to the list.

38 overflows now. If that doesn't make you want to move forward with the FreeBSD-audit project, I don't know what will!

Binaries Tested: 405
Binaries Total:  763
Binaries Left:   358

* = setuid/sgid, + = fixed

07DEC99  /usr/sbin/fsinfo       fsinfo -D [3000]
07DEC99  /usr/bin/tconv         set $TERMCAP to [2000], tconv -D blah
07DEC99  /usr/libexec/f771      stdin overflow, echo [2000] | f771 -G
07DEC99  /usr/bin/rs            stdin overflow, echo [1000] | rs (handled)
07DEC99  /usr/libexec/getty     stdin overflow, echo [2000] | getty -x
07DEC99  /usr/libexec/elf/as    as [65000]
07DEC99  /usr/libexec/aout/as   as [65000]
07DEC99  /usr/bin/rpcgen        rpcgen -Y [8192]
07DEC99  /usr/bin/jot           jot -w [8192] (all args)
07DEC99  /usr/bin/indent        set $HOME to [8192]

Older Ones:
-----------
03DEC99  /usr/bin/error         error -I [16384]
03DEC99  /usr/bin/fsplit        fsplit -e [16384]
03DEC99  /usr/bin/grops         grops -c blah [16384]
03DEC99  /usr/bin/patch         patch -r [16384]
03DEC99  /usr/bin/pr+           pr -s [16384]
03DEC99  /usr/bin/ypcat+        ypcat -d [16384] blah <libc!>
03DEC99  /usr/libexec/aout/as   stdin overflow, echo [16384] | as -I
30NOV99  /usr/bin/awk           awk -f [8192]
30NOV99  /usr/bin/ee            set $NLSPATH to [32769]
30NOV99  /usr/bin/doscmd        doscmd [4000]
30NOV99  /usr/bin/dnsquery      dnsquery [4000]
30NOV99  /usr/bin/dig           dig -k [16000]
30NOV99  /usr/bin/crunchgen     crunchgen [8192]
30NOV99  /usr/bin/colldef       colldef -I [8192]
30NOV99  /usr/bin/captoinfo     set $TERMCAP to [32769]
30NOV99  /usr/bin/banner+       banner [8192]
30NOV99  /usr/bin/as            as [8192]
30NOV99  /usr/bin/apply         startslip -d [8192] -c [8192]
30NOV99  /usr/bin/Mail          set $HOME to [32769]
30NOV99  /sbin/startslip        startslip -d [8192] -c [8192]
30NOV99  /sbin/natd             natd -w [16384] blah
30NOV99  /sbin/mount_mfs        mount_mfs [8192] [8192]
30NOV99  /sbin/dhclient         dhclient [40000]
30NOV99  /bin/red               red [40000]
30NOV99  /bin/ed                ed [40000]
15NOV99  /usr/bin/systat*       race condition with bad exit
10NOV99  /sbin/rdump*+          dump -0 [1024] <libc!>
10NOV99  /sbin/dump*+           dump -0 [1024] <libc!>

PS. Sorry for the bad pasting

============================================================================
Thomas R. Stromberg                        Asst. IS Manager / Systems Guru
FreeBSD Contrib, BeOS Dev, Security Geek   Research Triangle Commerce, Inc.
http://www.afterthought.org/               http://www.rtci.com/
thomas@stromberg.org                       tstromberg@rtci.com
=======================================================================<eof>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message