Bugtraq mailing list archives
Vulnerability in Elm-ME+
From: jgoerzen () HAPPY CS TWSU EDU (John Goerzen)
Date: Thu, 15 May 1997 11:54:17 -0500
Hello,

I have confirmed that the recently-reported vulnerability in Elm is also present in Elm-ME+ and thus also in Debian GNU/Linux version 1.2, prerelease version 1.3, and development tree "unstable". Below is a short diff to correct the problem.

Debian GNU/Linux 1.2.x uses stock Elm 2.4pl25. Users of that version of Elm should upgrade to Elm-ME+ as detailed below.

Debian 1.3 (currently in prerelease) will come with Elm-ME+. You should upgrade to the latest Elm-ME+.

You can download the binary package immediately from:

ftp://happy.cs.twsu.edu/pub/Debian/binaries/elm-me+_2.4pl25ME+31-5_i386.deb

Updated source packages and diffs are under /pub/Debian/sources on the same server.

I have released the updated package to Debian's master server, and it should show up in distributions shortly.

John Goerzen

--- elm-me+-2.4pl25ME+31.orig/src/curses.c +++ elm-me+-2.4pl25ME+31/src/curses.c @@ -131,7 +131,7 @@ if ((termenv = getenv("TERM")) == NULL) return(-1); - if (strcpy(termname, termenv) == NULL) + if (strncpy(termname, termenv, sizeof(termname)) == NULL) return(-1); if ((err = tgetent(_terminal, termname)) != 1)
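
Review bot: strncpy(termname, termenv, sizeof(termname)) on the added line does not NUL-terminate termname when TERM is sizeof(termname) bytes or longer, so the tgetent(_terminal, termname) call that follows can read past the end of the buffer. Suggest copying at most sizeof(termname) - 1 bytes and setting the final byte to '\0', or rejecting an over-long value up front with a strlen(termenv) >= sizeof(termname) check that returns -1. The comparison against NULL is also dead code, since strncpy returns its destination pointer, so an over-long TERM is truncated silently rather than refused. The bound is only correct if termname is declared as an array in this scope; the declaration is outside the hunk, so that is worth confirming.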