From owner-freebsd-security  Wed Jul 25 13:58:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-169-104-149.dsl.lsan03.pacbell.net [64.169.104.149])
	by hub.freebsd.org (Postfix) with ESMTP id ED57437B401
	for <security@FreeBSD.org>; Wed, 25 Jul 2001 13:58:23 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 31B7966E04; Wed, 25 Jul 2001 13:58:23 -0700 (PDT)
Date: Wed, 25 Jul 2001 13:58:22 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: security@FreeBSD.org
Subject: [venglin@freebsd.lublin.pl: Re: top format string bug exploit code (exploitable)]
Message-ID: <20010725135822.D57915@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="mJm6k4Vb/yFcL9ZU"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--mJm6k4Vb/yFcL9ZU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To the person who asked about current exploitability of this.

Kris

----- Forwarded message from Przemyslaw Frasunek <venglin@freebsd.lublin.pl=
> -----

Delivered-To: kkenn@localhost.obsecurity.org
Delivered-To: kris@freebsd.org
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
To: "SeungHyun Seo" <s1980914@inhavision.inha.ac.kr>,
	<bugtraq@securityfocus.com>
Subject: Re: top format string bug exploit code (exploitable)
Date: Wed, 25 Jul 2001 18:15:15 +0200
Organization: babcia padlina ltd.
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-UIDL: f70f3afb4816a63ef72be9f0b9bd764f

> It still seems to be affected under 3.5beta9 (including this version)
> someone said it's not the problem of exploitable vulnerability about 8
month ago ,

FreeBSD is not affected. Problem was fixed 9 months ago and advisory was
issued. See:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:62.top.v1.1.
asc

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *



----- End forwarded message -----

--mJm6k4Vb/yFcL9ZU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7XzLtWry0BWjoQKURAuz5AJ9BLwLE+y6ZnX2p5VNrzqMZVNurPQCg+IfF
H6wBP2WkoeTVcIKLKXnbUAY=
=98ml
-----END PGP SIGNATURE-----

--mJm6k4Vb/yFcL9ZU--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message