Bugtraq mailing list archives
Linux NetKit-B update.
From: dholland () hcs HARVARD EDU (David Holland)
Date: Wed, 24 Jul 1996 01:41:12 -0400
Linux NetKit-B-0.07 has been released (check comp.os.linux.announce for details). This fixes the following security problems/hazards: 1. Possible overrun copying DNS results into a buffer on the stack in fingerd while processing the linux-specific -w ("welcome banner") option. Patch: convert sprintf to snprintf. 2. Possible overrun copying DNS results into a buffer on the stack in talkd. This affected FreeBSD, NetBSD, and OpenBSD as well; all have integrated a fix into the current development tree. It may affect vendors... Patch: convert sprintf to snprintf in announce.c. 3. Possible overrun copying $TERM into a buffer on the stack in rlogin. This affects lots of platforms, but has been mentioned here before I think. Patch: use snprintf or strncpy. 4. Suspicious (but not necessarily exploitable) handling of buffers on the stack in rshd. Patch: convert sprintf to snprintf. 5. rsh didn't drop root before execing rlogin. This is not a big deal except in conjunction with (3) -- chmod -s on rlogin is *not* sufficient. 6. Buffer overflow in ping mentioned yesterday, but it's not on the stack and consequently probably not exploitable. Patch: use snprintf. 7. Integrated a fix for the telnetd environment bug (old news, but it hadn't got into the standard linux sources yet.) Also, there was a bug in sliplogin where it did "setuid(0); system()" without clearing the environment. A fixed version has been available for Linux and FreeBSD for some time, but the news had not reached NetBSD until last week. Vendor versions could be vulnerable. -- - David A. Holland | Number of words in the English language that dholland () hcs harvard edu | exist because of typos or misreadings: 381
Current thread:
- Re: quotas? maybe you're not seeing all of it Mark E. Mallett (Jul 22)
- <Possible follow-ups>
- Re: quotas? maybe you're not seeing all of it Don Lewis (Jul 22)
- Linux NetKit-B update. David Holland (Jul 23)
- BSDI sniffer Parthiv Shah (Jul 24)
- Bug in SunOS 5.4? Nicholas Blasgen (Jul 24)
- Re: BSDI sniffer Evil Pete (Jul 24)
- Re: BSDI sniffer Jared Mauch (Jul 24)
- Re: BSDI sniffer DevilBunny (Jul 25)
- Linux NetKit-B update. David Holland (Jul 23)
- Re: quotas? maybe you're not seeing all of it Tom Bowman (Jul 23)