Kris Kennaway <kkennawaat_private> writes: > On Sat, 13 Feb 1999, Alfonso De Gregorio wrote: > > BTW, i've tested these bugs only on x86 boxes with the most diffused > > GNU/Linux distro: Debian, Slackware, RedHat (all of them with 2.0.34 kernel), > > and on an alpha with Digital Unix V4.0 > Just confirming that the first one seems to work on Digital Unix v3.2, and > FreeBSD 4.0 as well (both using -w 2147483647). I didn't check the second one > yet. Fixed in FreeBSD 4.0-CURRENT, 3.1-STABLE and 2.2-STABLE as of now. The upcoming 3.1-RELEASE (to be released later today) will not be vulnerable. The attached patch should apply cleanly against most recent versions of FreeBSD (2.2 and up). To update your system, try the following (assuming you have the sources): # cd /usr/src/contrib/traceroute # patch traceroute.c <attached_patch # cd ../../usr.sbin/traceroute # make # make install DES -- Dag-Erling Smorgrav - desat_private Index: traceroute.c =================================================================== RCS file: /home/ncvs/src/contrib/traceroute/traceroute.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- traceroute.c 1996/10/08 19:16:24 1.5 +++ traceroute.c 1999/02/15 08:24:08 1.5.2.1 @@ -732,6 +732,8 @@ wait.tv_sec = tp->tv_sec + waittime; wait.tv_usec = tp->tv_usec; (void)gettimeofday(&now, &tz); + if (wait.tv_sec < now.tv_sec + 1) + wait.tv_sec = now.tv_sec + 1; tvsub(&wait, &now); if (select(sock + 1, &fds, (fd_set *)0, (fd_set *)0, &wait) > 0)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:02 PDT