Re: Exploitable buffer overflow in bootpd (most unices)

From: Chris Evans (chrisat_private)
Date: Sun Dec 13 1998 - 04:42:21 PST

Next message: Alan Cox: "Triteal release updated CDE with security fixes"

Previous message: mnemonix: "Microsoft's Network Monitor - Buffer Overrun / Page Fault /"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 25 Jun 1997, Willem Pinckaers wrote:

> We don't know of any unix system that is NOT vulnerable to this problem.
> Exploit code was tested against linux systems running debian 2.0 (glibc), and
> debian 1.3, both running bootpd 2.4.3.

This is old news. I spotted the problem several months ago.

For a non-vulnerable UNIX system try Redhat-5.2. Regardless, RedHat don't
enable bootpd by default (dhcp is used).

Oh, I think OpenBSD fixed this too. One of the few vendors who actually
take note when you explain there is a security bug.

Chris

Next message: Alan Cox: "Triteal release updated CDE with security fixes"
Previous message: mnemonix: "Microsoft's Network Monitor - Buffer Overrun / Page Fault /"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:54 PDT