From owner-freebsd-security Sat Jan 13 5:24:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 3D3E537B404;
	Sat, 13 Jan 2001 05:24:10 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id FAA21993;
	Sat, 13 Jan 2001 05:24:09 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP
	by point.osg.gov.bc.ca, id smtpda21991; Sat Jan 13 05:24:03 2001
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f0DDNwJ46085;
	Sat, 13 Jan 2001 05:23:58 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP
	by passer9.cwsent.com, id smtpdX46083; Sat Jan 13 05:23:33 2001
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.2/8.9.1) id f0DDNX518734;
	Sat, 13 Jan 2001 05:23:33 -0800 (PST)
Message-Id: <200101131323.f0DDNX518734@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP
	by localhost.cwsent.com, id smtpdu18730; Sat Jan 13 05:23:24 2001
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.2-RELEASE
X-Sender: cy
To: Kris Kennaway
Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG
Subject: Re: [!H] Tcpdump 3.5.2 remote root vulnerability (fwd)
In-reply-to: Your message of "Fri, 12 Jan 2001 18:45:29 PST."
	<20010112184529.B25168@citusc.usc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 13 Jan 2001 05:23:22 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <20010112184529.B25168@citusc.usc.edu>, Kris Kennaway writes:
>
> --dc+cDN39EJAMEtIO
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
>
> On Fri, Jan 12, 2001 at 12:57:57PM -0800, Cy Schubert - ITSD Open Systems Group wrote:
> > This affects our tcpdump.
>
> Well..it affects old versions of tcpdump before we patched the
> vulnerability (which I discovered and which we initially publicized,
> BTW), and released the advisory describing it. All this post is is a
> canned exploit for the known, long fixed problem..nothing to worry
> about unless you don't act on the security advisories which are
> released.
>
> Kris

I do recall the advisory which mainly patches some calls from sprintf()
to snprintf(), however the advisory from BUGTRAQ that I had forwarded
to this list patches two calls to sscanf(). Are you saying that we
tackled the same problem differently or did we just fix a different
buffer overrun condition?

If this is a different problem, there are two other sscanf's in
print-atalk.c that were not discussed in the advisory that need fixing.
If this is the same problem fixed differently, my apologies to the list
for wasting everyone's time.

Regards,                        Phone:     (250)387-8437
Cy Schubert                     Fax:       (250)387-5766
Team Leader, Sun/Alpha Team     Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
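
The two kinds of fix the message contrasts, as an added example that is not part of the original message and is not tcpdump's code: a field-width bound on sscanf()'s %s, and snprintf() with a truncation check in place of sprintf(). The "<number> <name>" line format, NAME_MAX_LEN, parse_entry() and format_label() are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 15            /* hypothetical limit for this example */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Parse "<number> <name>" from one line of a constructed names file.
 * The %s conversion carries an explicit field width, so sscanf() stores at
 * most NAME_MAX_LEN bytes plus the NUL into name[].
 * Returns 0 on success, -1 on malformed or over-long input. */
int parse_entry(const char *line, int *num, char name[NAME_MAX_LEN + 1])
{
    char extra;
    /* A bare "%d %s" here is the overrun: %s copies until whitespace. */
    int n = sscanf(line, "%d %" STR(NAME_MAX_LEN) "s%c", num, name, &extra);
    if (n < 2)
        return -1;
    /* A non-space byte right after the name means it was cut at the width. */
    if (n == 3 && extra != ' ' && extra != '\t' && extra != '\n')
        return -1;
    return 0;
}

/* Format "name(num)" into out[]. snprintf() bounds the write, and its return
 * value (the length it wanted to write) reveals truncation.
 * Returns 0 on success, -1 if the result did not fit. */
int format_label(char *out, size_t outsz, const char *name, int num)
{
    int n = snprintf(out, outsz, "%s(%d)", name, num);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample lines: one valid, one over-long, one malformed. */
    const char *lines[] = { "42 printer\n",
                            "42 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n",
                            "garbage\n" };
    char name[NAME_MAX_LEN + 1], label[8];
    int num = 0;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_entry(lines[i], &num, name) != 0)
            puts("rejected");
        else if (format_label(label, sizeof label, name, num) != 0)
            puts("label truncated");
        else
            puts(label);
    }
    return 0;
}
```
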