Bugtraq mailing list archives
Re: bootpd remote vulnerability
From: irwin () PHOENIX PRINCETON EDU (Irwin Tillman)
Date: Fri, 4 Dec 1998 15:50:52 -0500
John McDonald <jmcdonal () UNF EDU> wrote:
I've discovered a remote buffer overflow in the bootpd daemon that, to my knowledge, is distributed with most linuxs and bsds. ... I have not attempted to determine if Solaris, Irix, Digital Unix, or any other OS's are vulnerable. ... The problem is that we can specify a htype that is past the end of the hwinfolist table. ...
Unpatched CMU dhcpd 3.3.7 (which traces its roots to the old bootpd) was also vulnerable. Princeton patch 6 (the most recent patch, released July 1998) fixed it. The PU patches are at http://www.princeton.edu/~irwin/dhcpd.html.
/ist
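The class of bug described in the quoted report (a packet-supplied htype used as a table index) and the range check that closes it, as an added example; this is not code from bootpd, CMU dhcpd or the Princeton patches. The names `hw_table`, `extract_chaddr` and `check_sample` are hypothetical and the table contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed table: index = BOOTP htype, hlen = expected hardware
 * address length (0 = type not supported by this sketch). */
struct hwinfo { int hlen; const char *name; };
static const struct hwinfo hw_table[] = {
    { 0, "Reserved" }, { 6, "Ethernet" }, { 1, "3Mb Ethernet" },
    { 0, "AX.25" },    { 1, "ProNET" },   { 0, "Chaos" },
    { 6, "IEEE 802" },
};
#define HW_COUNT (sizeof hw_table / sizeof hw_table[0])
#define CHADDR_OFF 28   /* offset of chaddr in the fixed BOOTP header */
#define CHADDR_LEN 16   /* size of the chaddr field */

/* Unchecked form: hw_table[pkt[1]].hlen indexes the table with a byte
 * taken straight from the network, so any htype >= HW_COUNT reads past
 * the end of the table. The function below validates before indexing. */
int extract_chaddr(const uint8_t *pkt, size_t len, uint8_t out[CHADDR_LEN])
{
    if (len < CHADDR_OFF + CHADDR_LEN)
        return -1;                      /* truncated packet */
    uint8_t htype = pkt[1], hlen = pkt[2];
    if (htype >= HW_COUNT)
        return -1;                      /* htype outside the table */
    int want = hw_table[htype].hlen;
    if (want == 0 || hlen != want || hlen > CHADDR_LEN)
        return -1;                      /* unsupported type or bad length */
    memcpy(out, pkt + CHADDR_OFF, hlen);
    return hlen;                        /* bytes of address copied */
}

/* Builds a constructed BOOTREQUEST header and runs the check on it. */
int check_sample(uint8_t htype, uint8_t hlen)
{
    uint8_t pkt[CHADDR_OFF + CHADDR_LEN] = { 1 /* op */, htype, hlen };
    uint8_t addr[CHADDR_LEN];
    return extract_chaddr(pkt, sizeof pkt, addr);
}

int main(void)
{
    printf("htype=1 hlen=6   -> %d\n", check_sample(1, 6));
    printf("htype=200 hlen=6 -> %d\n", check_sample(200, 6));
    return 0;
}
```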