Date: Mon, 5 Aug 1996 00:20:29 +0000 () From: "Sociedade Brasileira de Quimica/Admin" <sbqadm@sbq.org.br> To: security@freebsd.org Subject: rlogin vulnerability? Message-ID: <199608050020.AAA04628@www.sbq.org.br>
next in thread | raw e-mail | index | archive | help
Hello Sorry if this is a very stupid question but someone from the Linux camp told me FreeBSD may be vulnerable, also, to the following Linux security hole: >From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu> To: linux-security@tarsier.cv.nrao.edu Cc: linux-alert@tarsier.cv.nrao.edu Subject: [linux-alert] LSF Update#11: Vulnerability of rlogin Date: Tue, 30 Jul 1996 18:11:00 -0400 [...] ============================================================================= ABSTRACT A vulnerability exists in the rlogin program of NetKitB-0.6 This vulnerability affects several widely used Linux distributions, including RedHat Linux 2.0, 2.1 and derived systems including Caldera Network Desktop, Slackware 3.0 and others. This vulnerability is not limited to Linux or any other free UNIX systems. Both the information about this vulnerability and methods of its expolit were made available on the Internet. RISK ASSESMENT Local and remote users could gain super-user priviledges Looking the diff between the patched Netkit and the previous one the guy found things like: ping.c - pr_addr(l) 998c998 < (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l)); --- > (void)snprintf(buf, 75, "%s", inet_ntoa(*(struct in_addr *)&l));1000c1000 < (void)sprintf(buf, "%s (%s)", hp->h_name, --- > (void)snprintf(buf, 75, "%s (%s)", hp->h_name, as FreeBSD (2.1.0 at least) has the same code for pr_addr(l) he concluded it has the same vulnerability. Thanks for any info on this Pedro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608050020.AAA04628>