Re: FreeBSD remote root exploit ?
From: Assar Westerlund (assar@FreeBSD.ORG)
Date: 07/19/01
To: Matt Dillon <dillon@earth.backplane.com>
From: Assar Westerlund <assar@FreeBSD.ORG>
Date: 19 Jul 2001 19:03:50 +0200

Matt Dillon <dillon@earth.backplane.com> writes:
> Let's see... There are actually *FOUR* telnetd's in our source tree.
>
> /usr/src/crypto/telnet/telnetd VULNERABLE
> /usr/src/libexec/telnetd VULNERABLE
> /usr/src/crypto/heimdal/appl/telnet/telnetd NOT VULNERABLE
> /usr/src/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c NOT VULNERABLE

The last two are actually the `same', just from different versions
from the same CVS tree.

> The heimdal and kerberosIV telnetd's call an output_data()
> function which does not allow the output buffer to overflow. The
> first two telnetd's just blindly copy the option data into the output
> buffer.

The heimdal/kerberosIV are possibly less bad, but not blameless, see
further down in the thread.

/assar
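
The distinction drawn in the quoted text, between copying option data blindly into the output buffer and going through a function that refuses to overflow it, is shown below as an added C sketch. It is not part of the original message and is not code from any of the four telnetds; the struct, the function names and the 64-byte buffer size are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sketch with hypothetical names; not FreeBSD or Heimdal source. */
#define OUT_SIZE 64

struct outbuf {
    char data[OUT_SIZE];
    size_t used;                /* bytes queued for the peer */
};

/* "Before": copies option data with no check against the space left. */
void append_unchecked(struct outbuf *o, const char *opt, size_t len)
{
    memcpy(o->data + o->used, opt, len);    /* writes past data[] when len > room */
    o->used += len;
}

/* "After": formats only into the remaining space. If the text does not
 * fit, 'used' is not advanced and -1 is returned so the caller can flush
 * and retry or drop the option; nothing is written outside data[]. */
int append_bounded(struct outbuf *o, const char *fmt, ...)
{
    size_t room = OUT_SIZE - o->used;       /* always >= 1, see check below */
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(o->data + o->used, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room)
        return -1;                          /* would not fit */
    o->used += (size_t)n;
    return n;
}

int main(void)
{
    struct outbuf o = { {0}, 0 };
    char big[200];                          /* constructed oversized option value */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short option: %d\n", append_bounded(&o, "%s", "TERM=vt100"));
    printf("oversized option: %d\n", append_bounded(&o, "%s", big));
    printf("bytes queued: %zu\n", o.used);
    return 0;
}
```

The bounded version reports the failure to its caller instead of truncating silently, so a caller that ignores the return value can still mishandle the option even though the buffer itself is never overrun.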