Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 11 Jul 1996 22:23:07 -0600 (MDT)
From:      Nate Williams <nate@mt.sri.com>
To:        Brian Tao <taob@io.org>
Cc:        Dan Polivy <danp@carebase3.jri.org>, freebsd-security@freebsd.org
Subject:   Re: is FreeBSD's rdist vulnerable?
Message-ID:  <199607120423.WAA04487@rocky.mt.sri.com>
In-Reply-To: <Pine.NEB.3.92.960711235818.29155E-100000@zap.io.org>
References:  <Pine.BSF.3.91.960703191714.1090A-100000@carebase3.jri.org> <Pine.NEB.3.92.960711235818.29155E-100000@zap.io.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Brian Tao writes:
> On Wed, 3 Jul 1996, Dan Polivy wrote:
> >
> > Has anyone read 8lgm's rdist advisory and attempted to see whether or not
> > FreeBSD's rdist is vulnerable?  I use rdist to update various files here,
> > and so I suppose getting id of the setuid bit would break it?  Thanks...
> 
>     It is indeed vulnerable.  I've mailed security-officer@freebsd.org
> the exploit so someone can fix it right away.  2.1.0R and all the 2.2
> snapshots are vulnerable.  I haven't tried any of the 2.1.5 releases.

I *just* made some sprintf() -> snprintf() changes to current's rdist.
If I sent you the patches could you check them out and see if it fixes
the bug?  They are pretty innocuous patches, and could be brought into
-stable if it's not too late if it turns out they fix the bug.



Nate



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607120423.WAA04487>