From owner-freebsd-security Tue Jul 9 23:05:55 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA13076 for security-outgoing; Tue, 9 Jul 1996 23:05:55 -0700 (PDT)
Received: from chloe.dmv.com (root@chloe.dmv.com [206.30.64.31]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id XAA13071; Tue, 9 Jul 1996 23:05:51 -0700 (PDT)
Received: (from patrick@localhost) by chloe.dmv.com (8.6.12/8.6.12) id CAA00518; Wed, 10 Jul 1996 02:05:13 -0400
Date: Wed, 10 Jul 1996 02:05:12 -0400 (EDT)
From: Patrick
To: Gary Palmer
cc: cschuber@orca.gov.bc.ca, freebsd-security@freebsd.org
Subject: Re: CERT Advisory CA-96.13 - Vulnerability in the dip program
In-Reply-To: <29141.836950855@palmer.demon.co.uk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I tried to use the code that I have that exploits the bug in the linux
version, and it fails. The code takes advantage of overrunning the buffer
in do_chatkey(). I looked through the BSD source and couldn't find a
reference to do_chatkey().

------------------------------------------------------------------------------
Patrick - Systems Administrator          patrick@dmv.com
DelMarVa OnLine! - Salisbury, MD

On Tue, 9 Jul 1996, Gary Palmer wrote:

> Cy Schubert - ITSD Open Systems Group wrote in message ID
> <199607092134.OAA16884@passer.osg.gov.bc.ca>:
> > I believe that the dip program used under FreeBSD is the same program as
> > described below. We're probably vulnerable.
>
> Apparently not. We don't have `dip' in our base system (we use `tip'
> and `cu', the more traditional (if they could be called that)
> interfaces. The `dip' port isn't based on the linux one, and from the
> package that was on the 2.1.0-RELEASE CDROM:
>
> -r-xr-xr-x bin/bin 36864 Oct 7 00:33 1995 sbin/dip
> -r-xr-xr-x bin/bin 0 Oct 7 00:33 1995 sbin/diplogin link to sbin/dip
>
>    ^  ^
> Note the distinct lack of SUID bits ...
>
> Gary
> --
> Gary Palmer FreeBSD Core Team Member
> FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
>