From owner-freebsd-security  Sun Feb  2 23:07:22 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id XAA12530
          for security-outgoing; Sun, 2 Feb 1997 23:07:22 -0800 (PST)
Received: from roundtable.cif.rochester.edu (sadmin@roundtable.cif.rochester.edu [128.151.220.14])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA12524
          for <freebsd-security@freebsd.org>; Sun, 2 Feb 1997 23:07:19 -0800 (PST)
Received: (from sadmin@localhost) by roundtable.cif.rochester.edu (8.8.5/8.8.3) id CAA07764 for freebsd-security@freebsd.org; Mon, 3 Feb 1997 02:06:56 -0500 (EST)
From: Security Administrator <sadmin@roundtable.cif.rochester.edu>
Message-Id: <199702030706.CAA07764@roundtable.cif.rochester.edu>
Subject: Re: Critical Security Problem in 4.4BSD crt0
To: freebsd-security@freebsd.org (FreeBSD Security)
Date: Mon, 3 Feb 1997 02:06:55 -0500 (EST)
In-Reply-To: <199702030554.XAA07517@enteract.com> from "Thomas H. Ptacek" at Feb 2, 97 11:54:54 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

2-3-97

Question: Does this problem in 2.1.5 appear in 2.1.6 or 2.1.6.1?  Since the 
libraries are similar, my guess without comparing code is that the bug
is there.

Could you post an example of the exploit that you wrote for 2.1.5?

Thanks,
Josh Pincus
-- 
System Security Administrator
Computer Interest Floor
University of Rochester
Rochester, NY 14627
sadmin@roundtable.cif.rochester.edu