Date: Mon, 11 Sep 2000 21:28:56 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Kris Kennaway <kris@FreeBSD.ORG>, Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>, freebsd-security@FreeBSD.ORG Subject: Re: [paul@STARZETZ.DE: Breaking screen on BSD] Message-ID: <Pine.BSF.4.21.0009112127170.85133-100000@achilles.silby.com> In-Reply-To: <20000912061357.A42654@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Sep 2000, Andrey A. Chernov wrote: > On Mon, Sep 11, 2000 at 05:57:07PM -0700, Kris Kennaway wrote: > > I thought it was a technique for exploiting the known (and fixed) > > vulnerability in the previous version of the screen port, not a new attack > > in itself. > > No, it is a new exploit based on execve behaviour and not related > especially to screen, other programs can be affected too. We definitely > need to fix execve. If it's new, why does it rely on corrupting VBELL as the previous screen exploit did? Can this execve behavior be exploiting in a program which wasn't broken by a buffer overflow or a format string bug? Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009112127170.85133-100000>