Re: remote buffer overflow in sniffit

From: Edwin Groothuis (edwinat_private)
Date: Mon Jan 21 2002 - 21:33:00 PST


    On Sat, Jan 19, 2002 at 06:57:03PM -0000, g_463at_private wrote:
    >    Remote overflow in sniffit.0.3.7.beta 
    >    tested on slackware 7.1
    >    found/coded by g463
    >    -18th january 2002-
    
    For what it's worth, this problem is fixed with:
    
    PATCH_SITES=    http://ftp.debian.org/debian/dists/stable/main/source/net/
    PATCHFILES=     sniffit_0.3.7.beta-6.1.diff.gz
    
    From the change-log:
    sniffit (0.3.7.beta-6.1) frozen unstable; urgency=high
    
      * Non maintainer upload.
      * [security] sn_logfile.c: Replaced sprintfs by snprintfs fixing a buffer 
        overflow (bugtraq).
      * [security] sn_analyse.c: Limit length of TCP packets to the buffer 
        size (buffer overflow with MTU > 5000).
    
     -- Torsten Landschoff <torstenat_private>  Fri, 26 May 2000 08:40:14 +0200
    
    I assume Debian patches this, the FreeBSD port also applies these patches.
    
    Edwin
    
    -- 
    Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
    edwinat_private |           Interested in MUDs? Visit Fatal Dimensions:
    ------------------+                       http://www.FatalDimensions.org/
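
The two changelog entries above describe bounded formatting (`snprintf` instead of `sprintf`) and clamping a packet's length to the destination buffer. The following is an added example, not part of the message and not code from sniffit or the Debian patch; the function names, buffer sizes and sample inputs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LOG_BUF 64    /* assumed log-line buffer size, not sniffit's */
#define PKT_BUF 5000  /* assumed capture buffer size, not sniffit's */

/* Bounded replacement for sprintf(out, "%s: %s", host, detail).
 * snprintf never writes more than outsz bytes and always NUL-terminates
 * when outsz > 0. Returns 1 if the whole line fit, 0 if it was truncated
 * or formatting failed, so the caller can record that data was dropped. */
int format_log_line(char *out, size_t outsz, const char *host, const char *detail)
{
    int n = snprintf(out, outsz, "%s: %s", host, detail);
    return n >= 0 && (size_t)n < outsz;
}

/* Copy a captured payload into a fixed buffer, limiting the length to the
 * buffer size instead of trusting the length reported for the packet.
 * Returns the number of bytes actually stored. */
size_t store_payload(unsigned char *buf, size_t bufsz,
                     const unsigned char *pkt, size_t pktlen)
{
    size_t n = pktlen > bufsz ? bufsz : pktlen;
    memcpy(buf, pkt, n);
    return n;
}

int main(void)
{
    char line[LOG_BUF];
    unsigned char buf[PKT_BUF];
    unsigned char pkt[6000];       /* constructed oversized payload */
    char detail[200];              /* constructed oversized log field */

    memset(pkt, 0x41, sizeof pkt);
    memset(detail, 'A', sizeof detail - 1);
    detail[sizeof detail - 1] = '\0';

    if (!format_log_line(line, sizeof line, "192.0.2.1", detail))
        printf("log line truncated to %zu bytes\n", strlen(line));
    printf("stored %zu of %zu payload bytes\n",
           store_payload(buf, sizeof buf, pkt, sizeof pkt), sizeof pkt);
    return 0;
}
```
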
    


