From owner-freebsd-security Tue Oct 10 17: 2:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from sentinel.office1.bg (sentinel.office1.bg [195.24.48.182]) by hub.freebsd.org (Postfix) with SMTP id 50DE137B66D for ; Tue, 10 Oct 2000 17:02:19 -0700 (PDT) Received: (qmail 28267 invoked by uid 1001); 11 Oct 2000 00:02:34 -0000 Date: Wed, 11 Oct 2000 03:02:34 +0300 From: Peter Pentchev To: achilov@granch.ru Cc: Przemyslaw Frasunek , freebsd-security@FreeBSD.ORG Subject: Re: ncurses buffer overflows (fwd) Message-ID: <20001011030234.B28063@ringwraith.office1.bg> References: <200010101403.e9AE3Ir08713@cwsys.cwsent.com> <20001010160736.N94343@riget.scene.pl> <39E32CB4.651CAE3F@sentry.granch.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <39E32CB4.651CAE3F@sentry.granch.ru>; from shelton@sentry.granch.ru on Tue, Oct 10, 2000 at 09:50:28PM +0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 10, 2000 at 09:50:28PM +0700, Rashid N. Achilov wrote: > Przemyslaw Frasunek wrote: > > > > On Tue, Oct 10, 2000 at 07:02:30AM -0700, Cy Schubert - ITSD Open Systems Group wrote: > > > For those of you who don't subscribe to BUGTRAQ, here's a heads up. > > > > And the exploit (in attachment). > > > > Press any key to continue...sentry:[shelton] 150>sh systat.sh > setenv: not found > systat.sh: 69: Syntax error: Bad fd number > Press any key to continue... Uhm.. it explicitly says '#!/bin/csh' at the start; why are you running it with 'sh'? G'luck, Peter -- No language can express every thought unambiguously, least of all this one. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message