John McDonald <jmcdonalat_private> wrote: >I've discovered a remote buffer overflow in the bootpd daemon that, to >my knowledge, is distributed with most linuxs and bsds. >... > >I have not attempted to determine if Solaris, Irix, Digital Unix, or any >other OS's are vulnerable. >... >The problem is that we can specify a htype that is past the end of the >hwinfolist table. >... Unpatched CMU dhcpd 3.3.7 (which traces its roots to the old bootpd) was also vulnerable. Princeton patch 6 (the most recent patch, released July 1998) fixed it. The PU patches are at http://www.princeton.edu/~irwin/dhcpd.html. /ist
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:32 PDT