Date: Wed, 30 Jun 1999 09:23:58 -0700 From: Matthew Hunt <mph@astro.caltech.edu> To: Bill Fumerola <billf@chc-chimes.com> Cc: "David O'Brien" <obrien@FreeBSD.ORG>, Bill Fumerola <billf@jade.chc-chimes.com>, hackers@FreeBSD.ORG Subject: Re: tcpdump(1) additions. Message-ID: <19990630092358.A51584@wopr.caltech.edu> In-Reply-To: <Pine.HPP.3.96.990630055143.23532N-100000@hp9000.chc-chimes.com>; from Bill Fumerola on Wed, Jun 30, 1999 at 05:53:41AM -0400 References: <19990630011532.A97926@dragon.nuxi.com> <Pine.HPP.3.96.990630055143.23532N-100000@hp9000.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 30, 1999 at 05:53:41AM -0400, Bill Fumerola wrote: > > I should warn you though that there are some security issues with my > > tcpdump-smb patches. It is possible for a malicious user to put > > packets on the wire that will cause a buffer overflow in the SMB > > parser in that code. That could lead to a root exploit. > > > > I just haven't got around to fixing it yet. > > Hmmm.. but a non-superuser never sees any of those malicious packets, and > the program is not installed suid, so how would that happen? I think the point is that when root is running tcpdump on host A, a bad guy on host B can create a packet which makes tcpdump on A execute his code (as root, since that's who's running it). This is not desirable. -- Matthew Hunt <mph@astro.caltech.edu> * Stay close to the Vorlon. http://www.pobox.com/~mph/ * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990630092358.A51584>