From owner-freebsd-security Thu Jan 30 16:51:39 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA17041 for security-outgoing; Thu, 30 Jan 1997 16:51:39 -0800 (PST) Received: from onyx.auscert.org.au (onyx0.auscert.org.au [203.5.112.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA17036 for ; Thu, 30 Jan 1997 16:51:35 -0800 (PST) Received: from amethyst.auscert.org.au (amethyst.auscert.org.au [203.5.112.218]) by onyx.auscert.org.au (8.8.5/8.8.4) with ESMTP id KAA02629 for ; Fri, 31 Jan 1997 10:51:28 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by amethyst.auscert.org.au (8.8.5/8.8.0) with SMTP id KAA02927; Fri, 31 Jan 1997 10:51:26 +1000 (EST) Message-Id: <199701310051.KAA02927@amethyst.auscert.org.au> X-Authentication-Warning: amethyst.auscert.org.au: localhost [127.0.0.1] didn't use HELO protocol From: auscert@auscert.org.au To: freebsd-security@freebsd.org Subject: Re: talkd? Cc: auscert@auscert.org.au Organization: AUSCERT (Australian Computer Emergency Response Team) Mime-Version: 1.0 Content-Type: text/plain; format=mime Content-Transfer-Encoding: 7bit Date: Fri, 31 Jan 1997 10:51:25 +1000 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii > What is the state of the talkd in the aftermath of the AUSCERT > advisory? > > Apologies in advance if this was discussed before; the mailing list > archives on www.freebsd.org are thoroughly hosed. The FreeBSD team supplied the following information to AUSCERT after the initial release of AA-97.01: FreeBSD versions 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1 are all affected by the talkd vulnerability described in this advisory. This has been fixed in version 2.2-current as of 1997-01-18 and 2.1-stable as of 1997-01-18. The FreeBSD Security Team have released an advisory and patch information for this talkd vulnerability. This advisory (FreeBSD-SA-96:21.talkd) is available from: ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-96:21.talkd.asc Patches are available from: ftp://freebsd.org/pub/CERT/patches/SA-96:21/ We have since updated our advisory to contain this, and other vendor information. You can retrieve a copy of the updated talkd advisory from: ftp://ftp.auscert.org.au/pub/auscert/advisory/ AA-97.01.talkd.buffer.overrun.vul - -- regards, tony ========================================================================== Anthony Shepherd | Fax: +61 7 3365 4477 AUSCERT | Phone: +61 7 3365 4417 c/- Prentice Centre | (answered during business hours) The University of Queensland | (on call after hours for emergencies) Qld. 4072. Australia | Internet: auscert@auscert.org.au -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBMvHOqyh9+71yA2DNAQElEgQAkI0fv7a/W8yBX8E3OjFpqh6Rw/qfSX2G W4ZxNAGRiVhDqb11aXmDvXMcrFdxKyeCWdibwtVGpsmgqUHc/il6hABnn1GePWUy gwGtxGPwawn0t1BEAiynhmdJyWuzmtxcinBN7JCVN8JnWg/RrkeFwymzBMz8xOIM +6uY5nuCX1M= =6QH7 -----END PGP SIGNATURE-----