From owner-freebsd-current  Thu Aug  8 15:07:44 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA18862
          for current-outgoing; Thu, 8 Aug 1996 15:07:44 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA18856
          for <freebsd-current@FreeBSD.ORG>; Thu, 8 Aug 1996 15:07:40 -0700 (PDT)
Received: from rover.village.org (localhost [127.0.0.1]) by rover.village.org (8.7.5/8.6.6) with ESMTP id QAA05623; Thu, 8 Aug 1996 16:05:30 -0600 (MDT)
Message-Id: <199608082205.QAA05623@rover.village.org>
To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
Subject: Re: exploitable security risk 
Cc: freebsd-current@FreeBSD.ORG (FreeBSD-current users)
In-reply-to: Your message of Thu, 08 Aug 1996 08:19:40 +0200
Date: Thu, 08 Aug 1996 16:05:29 -0600
From: Warner Losh <imp@village.org>
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

You might want to look at the OpenBSD CVS tree.  They have been fixing
a whole boatload of "oflow" cases in the BSD sources.  I don't know if
all of them are exploitable security holes or not, but they are likely
bugs and should likely be looked at.

Warner