From owner-freebsd-security  Mon Sep 11 19:28:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39])
	by hub.freebsd.org (Postfix) with ESMTP id 696A737B422
	for <freebsd-security@FreeBSD.ORG>; Mon, 11 Sep 2000 19:28:55 -0700 (PDT)
Received: (qmail 85350 invoked by uid 1000); 12 Sep 2000 02:28:56 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 12 Sep 2000 02:28:56 -0000
Date: Mon, 11 Sep 2000 21:28:56 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc: Kris Kennaway <kris@FreeBSD.ORG>,
	Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>,
	freebsd-security@FreeBSD.ORG
Subject: Re: [paul@STARZETZ.DE: Breaking screen on BSD]
In-Reply-To: <20000912061357.A42654@nagual.pp.ru>
Message-ID: <Pine.BSF.4.21.0009112127170.85133-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Tue, 12 Sep 2000, Andrey A. Chernov wrote:

> On Mon, Sep 11, 2000 at 05:57:07PM -0700, Kris Kennaway wrote:
> > I thought it was a technique for exploiting the known (and fixed)
> > vulnerability in the previous version of the screen port, not a new attack
> > in itself.
> 
> No, it is a new exploit based on execve behaviour and not related
> especially to screen, other programs can be affected too. We definitely
> need to fix execve.

If it's new, why does it rely on corrupting VBELL as the previous screen
exploit did?  Can this execve behavior be exploiting in a program which
wasn't broken by a buffer overflow or a format string bug?

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message