Re: bootpd remote vulnerability

From: Irwin Tillman (irwinat_private)
Date: Fri Dec 04 1998 - 12:50:52 PST

    John McDonald <jmcdonalat_private> wrote:
    
    >I've discovered a remote buffer overflow in the bootpd daemon that, to
    >my knowledge, is distributed with most linuxs and bsds.
    >...
    >
    >I have not attempted to determine if Solaris, Irix, Digital Unix, or any
    >other OS's are vulnerable.
    >...
    >The problem is that we can specify a htype that is past the end of the
    >hwinfolist table.
    >...
    
    
    Unpatched CMU dhcpd 3.3.7 (which traces its roots to the old bootpd)
    was also vulnerable.  Princeton patch 6 (the most recent patch, released
    July 1998) fixed it.
    
    The PU patches are at http://www.princeton.edu/~irwin/dhcpd.html.
    
    /ist
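
The bounds check the quoted report calls for, as an added example that is not part of this post, of bootpd, or of the Princeton patches. The table contents, the `struct hwinfo` fields and the function name `checked_hlen` are assumptions; the packet offsets and the 300-byte size are the fixed BOOTP layout from RFC 951.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BOOTP_MIN_LEN    300  /* fixed BOOTP message size (RFC 951) */
#define BOOTP_CHADDR_LEN 16   /* size of the chaddr field */

/* Constructed stand-in for the hwinfolist table named in the post;
 * field names and entries are assumptions, not bootpd's source. */
struct hwinfo { unsigned hlen; const char *name; };
static const struct hwinfo hwinfolist[] = {
    { 0, "reserved" },       /* htype 0: never valid */
    { 6, "Ethernet" },       /* htype 1 */
    { 1, "3Mb Ethernet" },   /* htype 2 */
};
#define HWINFO_COUNT (sizeof hwinfolist / sizeof hwinfolist[0])

/* Returns the hardware address length for the packet, or -1 to drop it.
 * The unchecked form, hwinfolist[pkt[1]].hlen, indexes the table with a
 * byte the sender controls, so any htype >= HWINFO_COUNT reads past it. */
int checked_hlen(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < BOOTP_MIN_LEN)
        return -1;                           /* truncated message */
    uint8_t htype = pkt[1];                  /* offset 1: htype */
    uint8_t hlen  = pkt[2];                  /* offset 2: hlen */
    if ((size_t)htype >= HWINFO_COUNT)
        return -1;                           /* index outside the table */
    if (hwinfolist[htype].hlen == 0)
        return -1;                           /* reserved type */
    if (hlen != hwinfolist[htype].hlen || hlen > BOOTP_CHADDR_LEN)
        return -1;                           /* length disagrees with type */
    return (int)hlen;
}

int main(void)
{
    /* Constructed sample: op = BOOTREQUEST, htype = Ethernet, hlen = 6 */
    uint8_t pkt[BOOTP_MIN_LEN] = { 1, 1, 6 };
    printf("htype 1   -> %d\n", checked_hlen(pkt, sizeof pkt));
    pkt[1] = 200;                            /* htype beyond the table */
    printf("htype 200 -> %d\n", checked_hlen(pkt, sizeof pkt));
    return 0;
}
```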
    


