Date:      Wed, 10 Jul 1996 02:05:12 -0400 (EDT)
From:      Patrick <patrick@chloe.dmv.com>
To:        Gary Palmer <gpalmer@freebsd.org>
Cc:        cschuber@orca.gov.bc.ca, freebsd-security@freebsd.org
Subject:   Re: CERT Advisory CA-96.13 - Vulnerability in the dip program 
Message-ID:  <Pine.BSF.3.91.960710020214.399A-100000@chloe.dmv.com>
In-Reply-To: <29141.836950855@palmer.demon.co.uk>


I tried to use the code that I have that exploits the bug in the Linux 
version, and it fails.  The code takes advantage of overrunning the 
buffer in do_chatkey().  I looked through the BSD source and couldn't 
find a reference to do_chatkey().

------------------------------------------------------------------------------
Patrick          - Systems Administrator                      patrick@dmv.com
DelMarVa OnLine! - Salisbury, MD

On Tue, 9 Jul 1996, Gary Palmer wrote:

> Cy Schubert - ITSD Open Systems Group wrote in message ID
> <199607092134.OAA16884@passer.osg.gov.bc.ca>:
> > I believe that the dip program used under FreeBSD is the same program as 
> > described below.  We're probably vulnerable.
> 
> Apparently not. We don't have `dip' in our base system (we use `tip'
> and `cu', the more traditional (if they could be called that)
> interfaces). The `dip' port isn't based on the linux one, and from the
> package that was on the 2.1.0-RELEASE CDROM:
> 
> -r-xr-xr-x bin/bin       36864 Oct  7 00:33 1995 sbin/dip
> -r-xr-xr-x bin/bin           0 Oct  7 00:33 1995 sbin/diplogin link to sbin/dip
> 
>    ^  ^
> Note the distinct lack of SUID bits ...
> 
> Gary
> --
> Gary Palmer                                          FreeBSD Core Team Member
> FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
> 
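
Added example, not part of the original thread: the check Gary does by eye on the package listing (no set-user-ID bit on `sbin/dip`), written as a small parser for listing lines in that format. The third sample line is constructed for contrast, and the function names are this example's own.

```python
import re

# Listing lines in the "mode owner/group size date name" form quoted above.
# The first two lines are from the message; the third is a constructed
# setuid entry for comparison and does not describe any real package.
SAMPLE = """\
-r-xr-xr-x bin/bin       36864 Oct  7 00:33 1995 sbin/dip
-r-xr-xr-x bin/bin           0 Oct  7 00:33 1995 sbin/diplogin link to sbin/dip
-r-sr-xr-x root/bin      36864 Oct  7 00:33 1995 sbin/example-suid
"""

LINE = re.compile(
    r"^([-dl][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT])\s+"  # symbolic mode
    r"([^/\s]+)/(\S+)\s+(\d+)\s+"                             # owner/group, size
    r"(?:\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s+(\S+)"               # date, then path
)

def mode_bits(mode):
    """Convert a 10-character symbolic mode to octal permission bits."""
    bits = 0
    for i, ch in enumerate(mode[1:]):
        plain = 1 << (8 - i)                      # rwx bit for this position
        if i % 3 == 2:                            # execute slot of a triplet
            special = (0o4000, 0o2000, 0o1000)[i // 3]
            if ch in "st":                        # special bit and execute
                bits |= special | plain
            elif ch in "ST":                      # special bit, no execute
                bits |= special
            elif ch == "x":
                bits |= plain
        elif ch != "-":
            bits |= plain
    return bits

def parse(listing):
    """Return one dict per recognised listing line."""
    entries = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            mode, owner, group, _size, path = m.groups()
            entries.append({"path": path, "owner": owner, "group": group,
                            "mode": mode_bits(mode)})
    return entries

def privileged(listing):
    """Entries that run with their owner's or group's identity."""
    names = (("setuid", 0o4000), ("setgid", 0o2000))
    return [(e["path"], e["owner"], oct(e["mode"]),
             [n for n, b in names if e["mode"] & b])
            for e in parse(listing) if e["mode"] & 0o6000]
```
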


