From owner-freebsd-security Tue Oct 10 17:38:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 64E7837B502; Tue, 10 Oct 2000 17:38:28 -0700 (PDT) Received: from localhost (8nurpp@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e9B0cH562984; Tue, 10 Oct 2000 20:38:20 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200010110038.e9B0cH562984@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Peter Pentchev Cc: achilov@granch.ru, Przemyslaw Frasunek , freebsd-security@FreeBSD.org Subject: Re: ncurses buffer overflows (fwd) In-Reply-To: Message from Peter Pentchev of "Wed, 11 Oct 2000 03:02:34 +0300." <20001011030234.B28063@ringwraith.office1.bg> From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 10 Oct 2000 20:38:16 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Peter Pentchev wrote: > On Tue, Oct 10, 2000 at 09:50:28PM +0700, Rashid N. Achilov wrote: > > Przemyslaw Frasunek wrote: > > > > > > On Tue, Oct 10, 2000 at 07:02:30AM -0700, Cy Schubert - ITSD Open Systems Group wrote: > > > > For those of you who don't subscribe to BUGTRAQ, here's a heads up. > > > > > > And the exploit (in attachment). > > > > > > > Press any key to continue...sentry:[shelton] 150>sh systat.sh > > setenv: not found > > systat.sh: 69: Syntax error: Bad fd number > > Press any key to continue... > > Uhm.. it explicitly says '#!/bin/csh' at the start; why are you running > it with 'sh'? The canonical lazy person's execution method for scripts is "shell script.shell", because it is easier than "chmod +x script.shell; ./ script.shell". C shell scripts are supposed to be named .csh for consistency, or nothing at all. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message