Date: Sat, 10 Jan 1998 23:11:44 +0100 (MET) From: Guido van Rooij <guido@gvr.org> To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman) Cc: igor@alecto.physics.uiuc.edu, security@freebsd.org Subject: Re: riptrace.c (fwd) Message-ID: <199801102211.XAA21563@gvr.gvr.org> In-Reply-To: <199801091619.LAA08275@khavrinen.lcs.mit.edu> from Garrett Wollman at "Jan 9, 98 11:19:48 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman wrote: > <<On Thu, 8 Jan 1998 16:51:45 -0600 (CST), igor@alecto.physics.uiuc.edu (Igor Roshchin) said: > > > I probably should have tested it myself, > > but don't have possibility at the moment. > > So, the question is: > > Is FreeBSD vulnerable to this or to a modified exploit ? > > No. FreeBSD's routed will only permit remote control of tracing under > the following conditions: > > 1) A trace file was specified on the routed command line. > 2) The requested trace file is the same as the one specified in (1). > > See routed/trace.c for details. More correctly: freeBSD versions 2.2.* are not vulnerable. 2.1.* and earlier are vulnerable. -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801102211.XAA21563>