Re: another hanterm exploit

From: Jose Nazario (joseat_private)
Date: Fri Feb 08 2002 - 21:59:40 PST

Next message: Kris Kennaway: "Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"

Previous message: Powertech: "arescom 800 authentification flaw"
In reply to: Stuart Moore: "another hanterm exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 7 Feb 2002, Stuart Moore wrote:

> There was a FreeBSD fix announced back in July 2002
> (FreeBSD-SA-01:41), but I haven't seen any other vendor fixes.

openbsd isn't subject to root (or privilidged) compromise by this if you
install hanterm from ports. a patch in the makefile in ports installs this
NOT suid, but 0711.

the code needs a serious review, its in pretty bad shape.

____________________________
jose nazario						     joseat_private
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Next message: Kris Kennaway: "Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities"
Previous message: Powertech: "arescom 800 authentification flaw"
In reply to: Stuart Moore: "another hanterm exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 22:46:23 PST