Re: FreeBSD remote root exploit ?
From: Assar Westerlund (assar@FreeBSD.ORG)
Date: 07/19/01
- Next message: Assar Westerlund: "Re: FreeBSD remote root exploit ?"
- Previous message: Assar Westerlund: "Re: FreeBSD remote root exploit ?"
- Maybe in reply to: Mike Tancsa: "FreeBSD remote root exploit ?"
- Next in thread: Matt Dillon: "Re: FreeBSD remote root exploit ?"
- Reply: Matt Dillon: "Re: FreeBSD remote root exploit ?"
To: Matt Dillon <dillon@earth.backplane.com>
From: Assar Westerlund <assar@FreeBSD.ORG>
Date: 19 Jul 2001 19:05:51 +0200

Matt Dillon <dillon@earth.backplane.com> writes:
> Oh joy. Hmm. Then I don't know... it calls output_data() to generate
> the AYT answer, I don't see anything particularly wrong with the code
> unless nfrontp exceeds BUFSIZ. That's fragile, it could be that something
> else is causing nfrontp to exceed BUFSIZ and breaks the snprintf()
> 'remaining' calculation in output_data().
output_data adds the result from vsnprintf() to nfrontp. If there's
not enough room for the formatted string in `remaining', vsnprintf()
returns the size that would be required. Bad me, no cookie.
/assar
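
Added example, not part of the original message and not the telnetd source: a reduced model of the accounting error described above, next to a form that advances the write position only when the whole string fit. OBUF_SIZE, struct obuf, append_unchecked and append_checked are hypothetical names; the 64-byte buffer and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define OBUF_SIZE 64                /* constructed stand-in for BUFSIZ */

struct obuf {
    char   data[OBUF_SIZE];         /* stands in for the output buffer */
    size_t used;                    /* stands in for nfrontp's offset */
};

/* Pattern from the message: vsnprintf()'s return value is added unchecked.
 * Returns the 'remaining' value the next call would compute. */
static long append_unchecked(struct obuf *b, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(b->data + b->used, OBUF_SIZE - b->used, fmt, ap);
    va_end(ap);
    if (n > 0)
        b->used += (size_t)n;       /* n is the length wanted, not written */
    return (long)OBUF_SIZE - (long)b->used;
}

/* Hardened form: advance only when the whole string fit. */
static int append_checked(struct obuf *b, const char *fmt, ...)
{
    va_list ap;
    size_t remaining = OBUF_SIZE - b->used;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(b->data + b->used, remaining, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= remaining) {
        b->data[b->used] = '\0';    /* drop the truncated tail */
        return -1;                  /* caller must flush and retry */
    }
    b->used += (size_t)n;
    return n;
}

int main(void)
{
    struct obuf a = { {0}, 60 }, b = { {0}, 60 };   /* constructed: 60 of 64 bytes used */
    long left = append_unchecked(&a, "%s", "01234567890123456789");
    int rc = append_checked(&b, "%s", "01234567890123456789");
    printf("unchecked: used=%zu next=%ld; checked: rc=%d used=%zu\n", a.used, left, rc, b.used);
    return 0;
}
```

In the unchecked form the next 'remaining' is negative, and once converted to size_t for the following vsnprintf() call it becomes a very large bound, which is the breakage of the 'remaining' calculation raised in the quoted text.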