[8699] in bugtraq
Re: Exploitable buffer overflow in bootpd (most unices)
daemon@ATHENA.MIT.EDU (Chris Evans)
Sun Dec 13 14:03:29 1998
Date: Sun, 13 Dec 1998 12:42:21 +0000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Chris Evans <chris@FERRET.LMH.OX.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19970625000806.A15051@pitel.ml.org>
On Wed, 25 Jun 1997, Willem Pinckaers wrote:
> We don't know of any unix system that is NOT vulnerable to this problem.
> Exploit code was tested against linux systems running debian 2.0 (glibc), and
> debian 1.3, both running bootpd 2.4.3.
This is old news. I spotted the problem several months ago.
For a non-vulnerable UNIX system try Redhat-5.2. Regardless, RedHat don't
enable bootpd by default (dhcp is used).
Oh, I think OpenBSD fixed this too. One of the few vendors who actually
take note when you explain there is a security bug.
Chris
