Date: Sat, 9 Nov 2002 13:23:58 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Dario Freni <saturnero@freesbie.org> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Buffer overflow in /usr/bin/dialog Message-ID: <20021109212358.GE32110@rot13.obsecurity.org> In-Reply-To: <20021109200522.3a05171a.saturnero@freesbie.org> References: <20021109200522.3a05171a.saturnero@freesbie.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--9crTWz/Z+Zyzu20v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Nov 09, 2002 at 08:05:22PM +0100, Dario Freni wrote: > I've just reported the bug here: >=20 > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D45168 >=20 > Please test and let me know if you have the same problem. Yes, it's a known problem. dialog (or libdialog) should never be used in privileged situations because it is chock full of buffer overflows. It would be a fairly large effort to fix all the problems. Nothing in the base system is affected by these problems. Kris --9crTWz/Z+Zyzu20v Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE9zXzuWry0BWjoQKURAk9FAKDNYZDA0YkVdkh0dluUO5mwoy3krwCgzMlO zSqd9egtPQ/dpMfuAPxej/w= =2wnt -----END PGP SIGNATURE----- --9crTWz/Z+Zyzu20v-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021109212358.GE32110>