[1004] in linux-security and linux-alert archive
[linux-security] Re: [linux-alert] Vulnerability in ALL linux distributions
daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Aug 14 00:59:22 1996
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 13 Aug 1996 23:48:07 +0100 (BST)
In-Reply-To: <32100972.747E6F33@mymail.com> from "bloodmask" at Aug 13, 96 06:49:55 am
> For gods sake, how many more times are we gonna see this kind of problem?
> It's been with Linux since it's very beggining, and it's so easy to
> exploit. Similiar buffer overflow vulnerabilities have been found in
> Linux distributions many times before, splitvt, dip, just to name a few
> examples.
I've been doing some libc digging with libc5.2.18 and I think the answer is
LOTS more. Especially as some of the files with buffer overruns are
in resolv+ and other files with a 1983 BSD copyright (like ruserok, and rnetrc)
I've posted a list to linux-gcc. Some like the ones in locale are definitely
working on other systems too.
And I know for sure other vendor libc's are as bad.
Alan