Bugtraq mailing list archives
Re: dqs 3.2.7 local root exploit.
From: Drake Diedrich <Drake.Diedrich () anu edu au>
Date: Sat, 19 May 2001 14:09:39 +1000
On Sat, May 19, 2001 at 12:09:11AM -0000, dex dex wrote:
DESCRIPTION: I found a buffer overflow vunerability on the /usr/bin/dsh (dqs 3.2.7 package).
...
This bug was reported to Drake Diedrich, Mantainer for dqs (Drake.Diedrich () anu edu adu).
I maintain only the Debian packaging of the DQS suite. /usr/bin/dsh can be entirely removed from a DQS cluster with no ill effects, and was removed from the Debian packages in early 1998 as part of a general cleanup of the package. Debian 2.1 (slink) and later are not vulnerable. The original publisher (SCRI, Florida State University) is no longer maintaining DQS or employing the original author, but has also refused to relax distribution restrictions, making it difficult to found a new developer community. dqs (3.1.8-2) unstable; urgency=low * Summarize and rotate monthly accounting logs * Replaced /bin/mail with /usr/bin/sendmail * Made /etc/dqs/conf_file into a configureation file. Changed DQS_BIN. * Deleted dqs_options, dqs_random, and dsh * Moved qmaster and dqs_execd to /usr/lib/dqs, edit DQS_BIN in /etc/dqs/conf_file * Switched to debhelper from debstd * Added restart and force-reload to /etc/init.d/dqs * A million Lintian fixes. -- Drake Diedrich <Drake.Diedrich () anu edu au> Mon, 16 Feb 1998 11:47:04 +1100 -- Dr. Drake Diedrich, Head - Information and Communications Unit John Curtin School of Medical Research, GPO Box 334 Canberra ACT 2601 Voice: +61(2)6125-2528 FAX: +61(2)6125-4823
Attachment:
_bin
Description:
Current thread:
- dqs 3.2.7 local root exploit. dex dex (May 18)
- Re: dqs 3.2.7 local root exploit. Roman Drahtmueller (May 19)
- Re: dqs 3.2.7 local root exploit. Drake Diedrich (May 19)