On Sat, 5 Dec 1998, Crispin Cowan wrote: > Is Linux not vulnerable for some systemic reason, or because the distributed > bootp doesn't have the vulnerability? > > Thanks, > Crispin I looked at Linux a while ago, so this is a somewhat vague memory. I believe I looked at a stable debian release (non-glibc), an older slackware version, freebsd 2.2.5, and freebsd 2.2.2. I apologize for my lack of memory. Anyway, I believe in all of these systems, the vulnerability was present, but it was not exploitable. The values in memory after the hwinfolist table were either too small to overwrite enough of the stack, or so large that they caused a seg fault. I remember there were some appropriate values in some cases, but they were over 255, and the value in memory that would correspond with their description was not a valid deferencable pointer. Thus, the warning that bootpd prints out would cause a bus error. horizon
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:38 PDT