From owner-freebsd-security Fri Sep 8 13: 7:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 857A937B43E; Fri, 8 Sep 2000 13:07:31 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA39283; Fri, 8 Sep 2000 13:07:31 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Fri, 8 Sep 2000 13:07:31 -0700 (PDT) From: Kris Kennaway To: Gabor Zahemszky Cc: freebsd-security@freebsd.org Subject: Re: UNIX locale format string vulnerability (fwd) In-Reply-To: <20000908144707.F682@zg.CoDe.hu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 8 Sep 2000, Gabor Zahemszky wrote: > On Thu, Sep 07, 2000 at 02:53:51AM -0700, Kris Kennaway wrote: > > HOWEVER: no program shipped in the FreeBSD base system is believed to be > > vulnerable to either of these problems. > > > > They both affect catopen(), and we don't use that function at all except > > in tcsh, which is non-privileged. We don't even have any code which has > > Oops! > > On my 3.4R system, there is a little utility, named: ee (and ree), and it > is using catopen(). I don't think it changed in 4.x, is it? They are not privileged applications. You won't get anywhere but back where you started by exploiting them. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message