Date: Mon, 23 Oct 1995 16:57:41 -0600 From: Warner Losh <imp@village.org> To: peter@haywire.dialix.com (Peter Wemm) Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: (fwd) CERT Advisory CA-95:13 - Syslog Vulnerability (with sendmail workaround) Message-ID: <199510232257.QAA19117@rover.village.org> In-Reply-To: Your message of 24 Oct 1995 02:14:48 %2B0800
next in thread | raw e-mail | index | archive | help
: FreeBSD has fixed the hole, IMHO better than the others, but it used : one of the advanced 4.4BSD stdio features to do it more securely : (fwopen()/vfprintf() instead of umpteen strlen()/snprintf()). : : They covered FreeBSD/NetBSD (not by name) by saying: there are : different patches available for other operating systems, but these : have not been evaluated by cert, blah, blah. Both Free/NetBSD did it : their own way. Does somebody have just this patch? I must have missed it as it went by. I know that it is in current, but I need to patch a 1.1.5.1R router.... Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510232257.QAA19117>