Re: *BSD user-ppp local root (when conditions permit)



Dan, good day.

Sun, Mar 02, 2008 at 01:48:17AM +0100, Dan Lukes wrote:
Eygene Ryabinkin napsal/wrote, On 03/02/08 00:06:
1. Run ppp
2. type the following (or atleat some variation of)
...

Yes, good catch: looks like stack-based buffer overflow

Could you please test the following rough patch

It seems you are going to cut of part of line silently.

IMHO - the line shall be rejected as invalid at all or warning needs to be
issued at least ...

Yes, I will add the neccessary statements. But first I want to
verify that the exploitation path is not available anymore.

Someone may create so long line (unintentionally), it will not work for him
with no hint why - it's not so polite ...

May be the buffer should even be dynamically resized -- will look
into it.

Thanks!
--
Eygene
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: *BSD user-ppp local root (when conditions permit)
    ... Eygene Ryabinkin napsal/wrote, On 03/02/08 00:06: ... type the following (or atleat some variation of) ... IMHO - the line shall be rejected as invalid at all or warning needs to be issued at least ... ...
    (FreeBSD-Security)
  • Re: Stress test: what to expect?
    ... variation and a coefficient bouncing around. ... him, not to worry :-) ...
    (rec.running)
  • Jousting
    ... Anyone on the group do any variation of this sport? ... Dan ... Prev by Date: ...
    (rec.equestrian)