Bugtraq mailing list archives

Re: rh 6.2 - gid compromises, etc [+ MORE!!!]

From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Fri, 23 Jun 2000 16:14:26 -0400


-----BEGIN PGP SIGNED MESSAGE-----

Stan Bubrouski:

tcp_wrappers has buffer overflow when argv[0] is big
and may have another potential overflow (would be more
serious) in code dealing with hosts and users more info
plus crappy patches can be found at:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11881


The tcpd process name is specified by the super-user in the
inetd.conf file, which is owned by the super-user.

If an attacker can replace the tcpd process name in the inetd.conf
file, then your system has suffered a total breach of security.

The other claims are even more bogus (the poster overlooks that
null-terminated strings are shorter than their containing buffer).

Waste no time on this.

        Wietse

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOVPE6dyA8qbVMny5AQH+7QP9EKonM9OHiBwQG5fNhTwjSQR0SKWCnedB
Ad5pTsZ5knmXflKbA9GbMoLZib6/RsL6834metreSXFlZcKGnxTOOwAJMkGRv38R
4rywpX/tQTOIAb5FqszLHyQQDxbDyxHjH7RXpH8b69z0lz8ZXw4/opvKOiuZMhYt
OHCYP0c+vpQ=
=p/NZ
-----END PGP SIGNATURE-----

Current thread:

BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2, (continued)
- BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2 Juancho Forlanda (Jun 20)
  - BEA WebLogic /file/ showcode vulnerability stuart.mcclure () FOUNDSTONE COM (Jun 20)
  - Re: BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2 Mike DeMaria (Jun 21)
- Re: NAI WebShield SMTP does not scan base64 encoding Sato, Ken (Jun 20)
  - Microsoft Security Bulletin MS00-038 Update Microsoft Product Security (Jun 20)
  - rh 6.2 - gid compromises, etc Michal Zalewski (Jun 21)
    - Immunix OS 6.2 (StackGuarded Red Hat 6.2) Crispin Cowan (Jun 21)
    - Warning regarding new kernel RPMs Joseph V Moss (Jun 21)
    - Re: Warning regarding new kernel RPMs Dave Walter (Jun 22)
    - Re: rh 6.2 - gid compromises, etc [+ MORE!!!] Stan Bubrouski (Jun 21)
    - Re: rh 6.2 - gid compromises, etc [+ MORE!!!] Wietse Venema (Jun 23)
    - Re: rh 6.2 - gid compromises, etc Stan Bubrouski (Jun 22)
    - Allaire Security Bulletin (ASB00-15)- Workaround available for vu lnerabilities exposed by JRun 2.3.x code sample Jesse Noller (Jun 22)
    - [RHSA-2000:038-01] Zope update bugzilla () REDHAT COM (Jun 22)
    - FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options FreeBSD Security Advisories (Jun 22)
    - Re: FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options yeti (Jan 13)
    - Re: rh 6.2 - gid compromises, etc Stan Bubrouski (Jun 22)
    - [SECURITY] New Debian wu-ftpd packages released Daniel Jacobowitz (Jun 23)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Joey Maier (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Jim Knoble (Jun 29)
    - Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd) Andrea Costantino (Jun 29)

(Thread continues...)