Date: Mon, 5 Aug 1996 06:58:08 +0200 From: roberto@keltia.freenix.fr (Ollivier Robert) To: sbqadm@sbq.org.br (Sociedade Brasileira de Quimica/Admin) Cc: security@freebsd.org Subject: Re: rlogin vulnerability? Message-ID: <199608050458.GAA08545@keltia.freenix.fr> In-Reply-To: <199608050020.AAA04628@www.sbq.org.br>; from Sociedade Brasileira de Quimica/Admin on Aug 5, 1996 0:20:29 %2B0000 References: <199608050020.AAA04628@www.sbq.org.br>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Sociedade Brasileira de Quimica/Admin: > ping.c - pr_addr(l) Interestingly enough, the diff is about pin, not rlogin. Anyway, it was fixed a while ago in 2.2-CURRENT: ---------------------------- revision 1.6 date: 1996/07/28 20:29:10; author: peter; state: Exp; lines: +3 -2 Limit the risk of `buf' overrun in ping.c when printing hostnames. Note, this is not really a security risk, because the buffer in question is a static variable in the data segment and not on the stack, and hence cannot subert the flow of execution in any way. About the worst case was that if you pinged a long hostname, ping could coredump. Pointed out on: bugtraq (listserv@netspace.org) ---------------------------- -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 2.2-CURRENT #17: Fri Aug 2 20:40:17 MET DST 1996
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608050458.GAA08545>