Date: Sun, 2 Mar 2008 08:59:53 +0300
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Dan Lukes <dan@obluda.cz>
Cc: freebsd-security@freebsd.org, sipherr@gmail.com
Subject: Re: *BSD user-ppp local root (when conditions permit)
Message-ID: <KLpb4j3%2BLD85o3V0gHGybAUP%2Bwo@nE9n69L2PrcQKa%2Be6OgU6kZtlVg>
In-Reply-To: <47C9F951.3090408@obluda.cz>
References: <20080229163903.3680.qmail@securityfocus.com> <eJwztaR4hgj0LBOZtN1f3kC2qd8@49l6neKHPg6j4SHeejH198Klzys> <47C9F951.3090408@obluda.cz>

Dan, good day.

Sun, Mar 02, 2008 at 01:48:17AM +0100, Dan Lukes wrote:
> Eygene Ryabinkin napsal/wrote, On 03/02/08 00:06:
>>> 1. Run ppp
>>> 2. type the following (or at least some variation of)
> ...
> >> Yes, good catch: looks like stack-based buffer overflow
> >> Could you please test the following rough patch
>
> It seems you are going to cut off part of line silently.
>
> IMHO - the line shall be rejected as invalid at all or warning needs to be
> issued at least ...

Yes, I will add the necessary statements.  But first I want to verify
that the exploitation path is not available anymore.

> Someone may create so long line (unintentionally), it will not work for him
> with no hint why - it's not so polite ...

Maybe the buffer should even be dynamically resized -- will look into it.

Thanks!
-- 
Eygene
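
The point raised in this exchange (reject an over-long line with a warning rather than cutting it silently) can be illustrated as follows. This is an added example, not code from the message, the patch, or the ppp source; the function name, status values, buffer size and sample lines are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: not taken from the ppp source. */
enum line_status { LINE_OK = 0, LINE_TOO_LONG = -1 };

/*
 * Copy one command line into a fixed-size buffer.
 * An over-long line is rejected as a whole and reported, instead of
 * being cut to fit: dst is left as an empty string so that a caller
 * ignoring the return value cannot act on a truncated command.
 */
static enum line_status
copy_command_line(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dstsize == 0)
        return LINE_TOO_LONG;      /* nothing can be stored at all */
    len = strlen(src);
    if (len >= dstsize) {          /* no room for text plus NUL */
        dst[0] = '\0';
        fprintf(stderr, "warning: command line of %zu bytes exceeds "
            "limit of %zu, line rejected\n", len, dstsize - 1);
        return LINE_TOO_LONG;
    }
    memcpy(dst, src, len + 1);     /* includes the terminating NUL */
    return LINE_OK;
}

int main(void)
{
    char buf[16];                  /* constructed, deliberately small */
    const char *ok = "short line";                         /* constructed */
    const char *bad = "a constructed line that is far too long";

    printf("%d \"%s\"\n", copy_command_line(buf, sizeof buf, ok), buf);
    printf("%d \"%s\"\n", copy_command_line(buf, sizeof buf, bad), buf);
    return 0;
}
```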