Bugtraq mailing list archives
Re: FreeBSD Security Advisory: SA-96:21 - talkd
From: deraadt () theos com (Theo de Raadt)
Date: Mon, 20 Jan 1997 18:02:39 -0700
Topic: unauthorized access via buffer overrun in talkd Category: core Module: talkd Announced: 1997-01-18 Affects: 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1 Corrected: 2.2-current as of 1997-01-18 2.1-stable as of 1197-01-18 FreeBSD only: no Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:21/ References: AUSCERT AA-97.01 (Australian CERT organization), SEI CERT VU#5942 (internal tracking reference only) ============================================================================= I. Background Buffer overrun (aka stack overflow) exploits in system supplied and locally installed utilities are commonly used by individuals wishing to obtain unauthorized access to computer systems. The FreeBSD team has been reviewing and fixing the source code pool to eliminate potential exploits based on this technique. Recently, the Australian CERT organization received information of a buffer-overrun vulnerability in the talkd daemon shipped in most modern BSD based systems.
For the record... OpenBSD 2.0 shipped with this bug fixed, too.
Current thread:
- Re: BoS: serious security bug in wu-ftpd v2.4 Dave Kinchlea (Jan 05)
- BoS: serious security bug in wu-ftpd v2.4 -- PATCH Dave Kinchlea (Jan 05)
- Re: BoS: serious security bug in wu-ftpd v2.4 -- PATCH Henrik P Johnson (Jan 12)
- Stronghold v1.3.3: Security Release Sean B. Hamor (Jan 13)
- [linux-security] SECURITY: Important bug fix for /sbin/login Erik Troan (Jan 16)
- Smashing the stack on a DEC Alpha Lamont Granquist (Jan 16)
- Re: Smashing the stack on a DEC Alpha Digital Dreamer (Jan 16)
- Re: Smashing the stack on a DEC Alpha Julian Assange (Jan 16)
- FreeBSD Security Advisory: SA-96:21 - talkd FreeBSD Security Officer (Jan 18)
- Re: FreeBSD Security Advisory: SA-96:21 - talkd Theo de Raadt (Jan 20)
- talkd problem Theo de Raadt (Jan 20)
- Re: talkd problem David Holland (Jan 20)
- Smashing the stack Zygo Blaxell (Jan 20)
- Re: Smashing the stack David Holland (Jan 20)
- Re: Smashing the stack Bill Sommerfeld (Jan 21)
- BoS: serious security bug in wu-ftpd v2.4 -- PATCH Dave Kinchlea (Jan 05)
- [linux-security] write(1) leak David Holland (Jan 19)
- [linux-security] write(1) leak David Holland (Jan 20)