Bugtraq mailing list archives

Re: OpenBSD Security Advisory


From: "Todd C. Miller" <Todd.Miller () COURTESAN COM>
Date: Wed, 4 Oct 2000 11:31:23 -0600

In message <39DADCB7.4E416D8B () ktwo ca>
        so spake K2 (ktwo):

        Here is another exploit for an application (fstat) that OpenBSD's
format string audit has seemingly forgotten about.  What I would like to
know is why this and a number of other privileged applications have
security vulnerabilities in them. They WERE fixed, but NO ADVISORY nor
ANY MENTION IN THEIR DAILY CHANGELOG!  How can the impact of the
vulnerability not be realized when they occur in something as privileged
as that would be using pw_error()?

As one of the people who took part in the audit I can honestly say
that we didn't think they *were* exploitable.  There was no intention
of hiding any fixes, we just went through the entire source tree
(we did not target privileged programs specifically) and fixed
format string problems where we found them and released patches for
those we knew to be exploitable (like xlock).

None of us are in the business of writing exploits--we just fix broken
code...

 - todd

