Date: Thu, 11 Jul 1996 22:23:07 -0600 (MDT)
From: Nate Williams <nate@mt.sri.com>
To: Brian Tao <taob@io.org>
Cc: Dan Polivy <danp@carebase3.jri.org>, freebsd-security@freebsd.org
Subject: Re: is FreeBSD's rdist vulnerable?
Message-ID: <199607120423.WAA04487@rocky.mt.sri.com>
In-Reply-To: <Pine.NEB.3.92.960711235818.29155E-100000@zap.io.org>
References: <Pine.BSF.3.91.960703191714.1090A-100000@carebase3.jri.org> <Pine.NEB.3.92.960711235818.29155E-100000@zap.io.org>

Brian Tao writes:
> On Wed, 3 Jul 1996, Dan Polivy wrote:
> >
> > Has anyone read 8lgm's rdist advisory and attempted to see whether or not
> > FreeBSD's rdist is vulnerable? I use rdist to update various files here,
> > and so I suppose getting rid of the setuid bit would break it? Thanks...
>
> It is indeed vulnerable. I've mailed security-officer@freebsd.org
> the exploit so someone can fix it right away. 2.1.0R and all the 2.2
> snapshots are vulnerable. I haven't tried any of the 2.1.5 releases.

I *just* made some sprintf() -> snprintf() changes to current's rdist.
If I sent you the patches could you check them out and see if it fixes
the bug?

They are pretty innocuous patches, and could be brought into -stable if
it's not too late if it turns out they fix the bug.

Nate