Bugtraq mailing list archives
Re: patch for qpopper remote exploit bug
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Sat, 27 Jun 1998 16:50:40 -0600
> Yeah, but what about systems that do _not_ have vsnprintf()?
> Using calls without bounds checks can be justified as long as it is made dead sure that no bounds would be ever exceeded.

You complain to your vendors. This is a function which every vendor should have in their libraries. If they don't, I can promise you that OS has not been audited, and that 10 or so bugs in libc exist which will bite you.

Today, snprintf and vsnprintf are required. Without them, there's some code in the libraries which cannot be written safely.

ie:
    gen/syslog.c: prlen = vsnprintf(p, tbuf_left, fmt_cpy, ap);

Hmm.
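The syslog.c line quoted in the message above writes into the space left in a buffer and keeps the return value. As an added example (not code from the post, from qpopper or from OpenBSD's syslog.c), here is one way to build a message piece by piece under that pattern. The names bounded_buf, bb_init, bb_appendf and demo are hypothetical, and C99 vsnprintf return semantics are assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cursor over a fixed buffer: next write position, bytes left. */
struct bounded_buf { char *p; size_t left; int truncated; };

static void bb_init(struct bounded_buf *b, char *buf, size_t size)
{
    b->p = buf; b->left = size; b->truncated = 0;
    if (size > 0) buf[0] = '\0';
}

/* Append formatted text; never writes more than b->left bytes, NUL included. */
static int bb_appendf(struct bounded_buf *b, const char *fmt, ...)
{
    va_list ap;
    int prlen;

    if (b->left == 0) { b->truncated = 1; return -1; }
    va_start(ap, fmt);
    prlen = vsnprintf(b->p, b->left, fmt, ap);
    va_end(ap);
    if (prlen < 0) {                    /* output error: keep the buffer terminated */
        *b->p = '\0';
        return -1;
    }
    if ((size_t)prlen >= b->left) {     /* C99: return value is the length wanted */
        prlen = (int)(b->left - 1);     /* only this many characters were stored */
        b->truncated = 1;
    }
    b->p += prlen;                      /* advance past what was actually written */
    b->left -= (size_t)prlen;
    return prlen;
}

/* Constructed input: an over-long "username" followed by a second field. */
static int demo(char *out, size_t outsz)
{
    struct bounded_buf b;
    bb_init(&b, out, outsz);
    bb_appendf(&b, "user=%s", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    bb_appendf(&b, " cmd=%s", "PASS");  /* no room left: stores nothing, flags it */
    return b.truncated;
}

int main(void)
{
    char buf[16];
    int t = demo(buf, sizeof buf);
    printf("truncated=%d buf=\"%s\"\n", t, buf);
    return 0;
}
```

Adding the raw return value to the cursor without the truncation check would move it past the end of the buffer, so the next append would write out of bounds even though every individual call was bounded.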