Date:      Tue, 3 Nov 1998 12:47:41 +1300 (NZDT)
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        Warner Losh <imp@village.org>
Cc:        bow <bow@bow.net>, FreeBSD-security@FreeBSD.ORG
Subject:   Re: [rootshell] Security Bulletin #25 (fwd) 
Message-ID:  <Pine.BSF.4.01.9811031239510.8161-100000@aniwa.sky>
In-Reply-To: <199811022237.PAA16222@harmony.village.org>

On Mon, 2 Nov 1998, Warner Losh wrote:

> Just so everyone knows, this advisory was only a draft advisory and
> was cancelled over the weekend.  I saw the original advisory and
> checked stuff in based on it, since generally changes like this are
> good and can't hurt anything.  After I checked in the fixes to ssh, I
> discovered that it had been determined that there was no way of
> exploiting this buffer call because all the places that called it had
> bounds checking.

I had a brief look over the ssh code some months ago.  I didn't find
anything exploitable, but I did find things that made me uncomfortable,
like the logging routine that uses vsprintf (or something similarly
lacking in bounds checking) and expected all the places it was checked to
do the bounds checking.  

As far as I looked, they pretty much did, though in one place I noted that
it was dependent on the length of a domain name returned from a reverse
lookup.

Andrew
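
An added example, not part of the original message or of the ssh source: the pattern described above, a logging formatter that relies on its callers for bounds checking, next to a variant that enforces the bound itself. The function names, the 64-byte buffer and the generated host name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64  /* constructed buffer size, not taken from ssh */

/* Pattern from the message: the formatter has no size limit and is
 * only safe while every caller bounds its arguments beforehand. */
static void log_unbounded(char *out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(out, fmt, ap);
    va_end(ap);
}

/* Hardened form: the formatter enforces the bound itself.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
static int log_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (outsz == 0) return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);  /* always NUL-terminates */
    va_end(ap);
    if (n < 0) { out[0] = '\0'; return -1; }
    return (size_t)n >= outsz;
}

/* Constructed stand-in for a name returned by a reverse lookup. */
static void make_name(char *name, size_t len)
{
    memset(name, 'a', len);
    name[len] = '\0';
}

int main(void)
{
    char name[256], buf[LOG_BUF];
    int t;
    make_name(name, 12);
    log_unbounded(buf, "connection from %s", name);  /* fits: 16 + 12 < 64 */
    make_name(name, 255);                            /* caller did not bound it */
    t = log_bounded(buf, sizeof buf, "connection from %s", name);
    printf("truncated=%d stored=%zu\n", t, strlen(buf));
    return 0;
}
```

The return value lets the caller notice and record that a log line was cut short instead of silently losing the tail.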

