From owner-freebsd-security Tue Oct 10 18:17:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id A28C337B66D
	for ; Tue, 10 Oct 2000 18:17:23 -0700 (PDT)
Received: (qmail 4642 invoked by uid 1000); 11 Oct 2000 01:20:49 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
	by localhost with SMTP; 11 Oct 2000 01:20:49 -0000
Date: Tue, 10 Oct 2000 20:20:49 -0500 (CDT)
From: Mike Silbersack
To: Steve Reid
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ncurses buffer overflows (fwd)
In-Reply-To: <20001010175835.E9112@grok>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 10 Oct 2000, Steve Reid wrote:

> BTW, the above is relative to the exploit Przemyslaw Frasunek posted to
> bugtraq. The one he posted to freebsd-security, the line was:
>
> /usr/sbin/chgrp kmem /tmp/csh
>
> Which also doesn't work because chgrp is in /usr/bin, not /usr/sbin.
>
> This just goes to show, that just because an exploit script doesn't
> work for you, doesn't mean that you are not vulnerable. Assume the
> worst!

Damn, it works now. Thanks for the heads up.

(I can't actually get /tmp/csh to execute, but that seems unimportant at
this point.)

Mike "Silby" Silbersack