Date: Wed, 5 Feb 1997 14:58:52 -0800 (PST) From: Joe Greco <jgreco> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/modstat Makefile modstat.c Message-ID: <199702052258.OAA19868@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
jgreco 97/02/05 14:58:51 Branch: usr.bin/modstat RELENG_2_1_0 Modified: usr.bin/modstat Makefile modstat.c Log: Fix an exploitable buffer overflow condition. From l0pht: Modstat is sgid kmem which is really handy to become if you feel like looking through /dev/mem and /dev/kmem (gee, wonder what you might want to do that for ). Like just about everything else under the sun it has a buffer overflow problem. The problem exists in the dostat() routine where an arbitrary sized string is shoved into sbuf.name through a strcpy(). <http://www.l0pht.com/advisories.html>; This change was committed to 2.2 as rev. 1.4 of modstat.c by joerg, and is being duplicated verbatim in 2.1-STABLE -JG Revision Changes Path 1.1.6.3 +1 -3 src/usr.bin/modstat/Makefile 1.3.4.1 +3 -2 src/usr.bin/modstat/modstat.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702052258.OAA19868>