Bugtraq mailing list archives
Re: bootpd remote vulnerability
From: jmcdonal () UNF EDU (John McDonald)
Date: Mon, 7 Dec 1998 09:43:42 -0500
On Sat, 5 Dec 1998, Crispin Cowan wrote:
Is Linux not vulnerable for some systemic reason, or because the distributed bootp doesn't have the vulnerability? Thanks, Crispin
I looked at Linux a while ago, so this is a somewhat vague memory. I believe I looked at a stable debian release (non-glibc), an older slackware version, freebsd 2.2.5, and freebsd 2.2.2. I apologize for my lack of memory. Anyway, I believe in all of these systems, the vulnerability was present, but it was not exploitable. The values in memory after the hwinfolist table were either too small to overwrite enough of the stack, or so large that they caused a seg fault. I remember there were some appropriate values in some cases, but they were over 255, and the value in memory that would correspond with their description was not a valid deferencable pointer. Thus, the warning that bootpd prints out would cause a bus error. horizon
Current thread:
- bootpd remote vulnerability John McDonald (Dec 04)
- hping, a tcp pinger antirez (Nov 30)
- Re: bootpd remote vulnerability Irwin Tillman (Dec 04)
- <Possible follow-ups>
- Re: bootpd remote vulnerability Crispin Cowan (Dec 05)
- Cheops Mark Spencer (Dec 07)
- Re: bootpd remote vulnerability John McDonald (Dec 07)
- Security Bulletins Digest (fwd) Patrick Oonk (Dec 07)