Bugtraq mailing list archives
Babcia Padlina Ltd. security advisory: mars_nwe buffer overf
From: venglin () FREEBSD LUBLIN PL (Przemyslaw Frasunek)
Date: Mon, 30 Aug 1999 14:31:46 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Babcia Padlina Ltd. Security Advisory (BP-9908:01) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Synopsis: Babcia Padlina Ltd. has discovered many buffer overruns in running with superuser priviliges parts of mars_nwe package. Vulnerable versions: Probably all versions of mars_nwe. Description: By creating carefully designed directories or bindery objects it is possible to execute arbitrary code. Sample code: Sample code (won't work with NLS support enabled) in attachment. Fix: Patches for mars_nwe 0.99pl15 in attachment. - --- * Fido: 2:480/124 ** WWW: FreeBSD.lublin.pl/~venglin ** GSM: +48-601-383657 * * Inet: venglin () FreeBSD lublin pl ** PGP: D48684904685DF43 EA93AFA13BE170BF * -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBN8p7tv6SPyHAYTvjEQI0ogCfdy9TeyHvuQj0UL4Vt79/Sj1o6nEAoJW/ kaJzxLBfV5pECo3/cqiMqbao =DNGn -----END PGP SIGNATURE----- <!-- attachment="ars.c__SizeOnDisk_1879_" --> <HR> <UL> <LI>application/octet-stream attachment: ars.c__SizeOnDisk_1879_ </UL> <HR> <UL> <LI>application/octet-stream attachment: ars.patch__SizeOnDisk_39368_ </UL>
Current thread:
- Babcia Padlina Ltd. security advisory: mars_nwe buffer overf Przemyslaw Frasunek (Aug 30)
- amd remote root exploit code Taeho Oh (Sep 01)
- Re: Babcia Padlina Ltd. security advisory: mars_nwe buffer Taneli Huuskonen (Sep 01)
- Re: Babcia Padlina Ltd. security advisory: mars_nwe bu Przemyslaw Frasunek (Sep 03)
- Information on SCO and the Netscape vulnerabilities. Aaron Sigel (Sep 02)