Date: Mon, 3 Feb 1997 12:02:56 -0500 (EST) From: "Peter C. Norton" <spacey@avsi.com> To: "Thomas H. Ptacek" <tqbf@enteract.com> Cc: best-of-security@suburbia.net, freebsd-security@freebsd.org Subject: Re: BoS: Critical Security Problem in 4.4BSD crt0 Message-ID: <Pine.SGI.3.95.970203120053.10464B-100000@ns1.avsi.com> In-Reply-To: <199702030554.XAA07517@enteract.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> There is a critically important security problem in FreeBSD 2.1.5's C > runtime support library that will enable anyone with control of the > environment of a process to cause it to execute arbitrary code. All > executable SUID programs on the system are vulnerable to this problem. It seems that this problem is evident in prior releases of freebsd, at least as far back as 2.0.5, maybe further. -Peter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.3.95.970203120053.10464B-100000>