Bugtraq mailing list archives

Re: mtr-0.41 root exploit

From: R.E.Wolff () BITWIZARD NL (Rogier Wolff)
Date: Tue, 25 Apr 2000 23:41:15 +0200


[Elias, please approve either this one or the previous message that I
sent, but not both. Of course, preferably this one, and not the
other. Thanks. ]

Hi Everyone,

FYI, mtr-0.42 was released on march 4th, which fixes the mtr-oversight
that allows this exploit to work. The actual bug (overflow) is in
the Freebsd libncurses implementation.

Back then we were confident that an exploit COULD be written, but
decided not to wait until one would be written. Point proven.

I would've appreciated the lesser "scare" when an accompanying note
would've said that the bug was already fixed.

                                Roger.

--
** R.E.Wolff () BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
*       Common sense is the collection of                                *
******  prejudices acquired by age eighteen.   -- Albert Einstein ********

Current thread:

Re: mtr-0.41 root exploit Rogier Wolff (Apr 25)
- Re: mtr-0.41 root exploit Kris Kennaway (Apr 25)