Bugtraq mailing list archives

Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0 net-tools. (fwd)


From: daw () CS BERKELEY EDU (David Wagner)
Date: Sun, 11 Jul 1999 18:54:36 -0700


In article <m3iu8coudx.fsf () soma andreas org>,
Andreas Bogk  <andreas () ANDREAS ORG> wrote:
> Raymond Dijkxhoorn <raymond () THRIJSWIJK NL> writes:
>
>> 7. Problem description:
>>
>> Several potential buffer overruns have been corrected within the net-tools
>> package.
>
> Could someone from RedHat please identify the programs in
> question, their version numbers, the history of the code or something
> else which allows me to find out whether I'm affected or not?


I'm not from RedHat.  But maybe I can try to help a little, since I think I
was the one who reported these vulnerabilities.

I think the problem is present in nettools-1.52 and prior versions.  There
were a number of buffer overruns.  To see an example of one, try grepping for
strcpy in lib/inet.c; if you see something like ``strcpy(name, hp->h_name);''
you might have the vulnerable version; if you see lots of safe_strncpy()'s,
you probably have the safe version.  (I think.)

Maybe this is enough to get you started.

But please take this with a grain of salt.  I am an outsider.  For official
answers, you'd do better to ask RedHat or the code maintainers.

Credits: These buffer overruns were found with the help of an automated code
auditing tool which was developed in collaboration with Jeff Foster, Eric
Brewer, and Alex Aiken (also at Berkeley).
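
Added example, not part of the original post and not code from net-tools: the unbounded copy pattern the post says to grep for, next to a size-enforcing copy of the same step. NAME_LEN, bounded_copy(), copy_hostname() and demo_copied_len() are names assumed for this illustration, and bounded_copy() is a stand-in, not the project's safe_strncpy().

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 128 /* assumed buffer size for this example, not from net-tools */
/* Bounded copy: writes at most size bytes and always NUL-terminates.
 * Returns 1 if src had to be truncated, 0 otherwise. */
static int bounded_copy(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size == 0)
        return 1;
    if (n >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* The post's grep target is  strcpy(name, hp->h_name);  where the length of
 * h_name comes from the resolver answer, not from the caller, so the copy can
 * run past name. Same step with the destination size enforced: */
static int copy_hostname(char *name, size_t size, const struct hostent *hp)
{
    return bounded_copy(name, hp->h_name, size);
}

/* Constructed input: a hostent whose h_name is src_len bytes long (max 511).
 * Returns how many bytes ended up in the NAME_LEN-byte destination. */
size_t demo_copied_len(size_t src_len)
{
    char src[512], name[NAME_LEN];
    struct hostent he;
    if (src_len >= sizeof src) src_len = sizeof src - 1;
    memset(src, 'a', src_len);
    src[src_len] = '\0';
    memset(&he, 0, sizeof he);
    he.h_name = src;
    copy_hostname(name, sizeof name, &he);
    return strlen(name);
}

int main(void)
{
    printf("300-byte name -> %zu bytes copied\n", demo_copied_len(300));
    return 0;
}
```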

