Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FreeBSD Security Advisory: SA-96:21 - talkd

From: deraadt () theos com (Theo de Raadt)
Date: Mon, 20 Jan 1997 18:02:39 -0700


Topic:          unauthorized access via buffer overrun in talkd

Category:       core
Module:         talkd
Announced:      1997-01-18
Affects:        1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1
Corrected:      2.2-current as of 1997-01-18
                2.1-stable  as of 1197-01-18
FreeBSD only:   no

Patches:        ftp://freebsd.org/pub/CERT/patches/SA-96:21/
References:     AUSCERT AA-97.01 (Australian CERT organization),
                SEI CERT VU#5942 (internal tracking reference only)

=============================================================================

I.   Background

     Buffer overrun (aka stack overflow) exploits in system
     supplied and locally installed utilities are commonly
     used by individuals wishing to obtain unauthorized access to
     computer systems.  The FreeBSD team has been reviewing and
     fixing the source code pool to eliminate potential exploits
     based on this technique.

     Recently, the Australian CERT organization received information
     of a buffer-overrun vulnerability in the talkd daemon shipped in
     most modern BSD based systems.


For the record... OpenBSD 2.0 shipped with this bug fixed, too.
Previous By Date Next
Previous By Thread Next

Current thread: