From owner-freebsd-audit Fri Dec 8 16:10:44 2000 From owner-freebsd-audit@FreeBSD.ORG Fri Dec 8 16:10:42 2000 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 19AA037B400 for ; Fri, 8 Dec 2000 16:10:42 -0800 (PST) Received: (qmail 24646 invoked by uid 1000); 9 Dec 2000 00:10:40 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 9 Dec 2000 00:10:40 -0000 Date: Fri, 8 Dec 2000 18:10:39 -0600 (CST) From: Mike Silbersack To: Will Andrews Cc: freebsd-audit@FreeBSD.ORG Subject: Re: bitchx/ircd DNS overflow demonstration (fwd) In-Reply-To: <20001208190004.S572@puck.firepipe.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 8 Dec 2000, Will Andrews wrote: > Err, this is out of the list's charter IMO. We're only here to audit > code in FreeBSD itself. > > Anyone want to clarify the charter? Actually, I don't see any charter > anywhere.. I was motivated to send this over to -audit due to the format string problem. Soon after the first one was exploited in BitchX (or was it something else?), it was found that a bunch were present in the base system as well. I figure that such DNS problems could be present in the base system as well, hence the info contained in the advisory would be useful to auditers. In any case, if you've already audited the handling of DNS in programs in the FreeBSD base system, I apologize. The info the advisory is clearly useless to you. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message