[1004] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: [linux-alert] Vulnerability in ALL linux distributions

daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Aug 14 00:59:22 1996

From: alan@lxorguk.ukuu.org.uk (Alan Cox)
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 13 Aug 1996 23:48:07 +0100 (BST)
In-Reply-To: <32100972.747E6F33@mymail.com> from "bloodmask" at Aug 13, 96 06:49:55 am

> For gods sake, how many more times are we gonna see this kind of problem? 
> It's been with Linux since it's very beggining, and it's so easy to 
> exploit. Similiar buffer overflow vulnerabilities have been found in 
> Linux distributions many times before, splitvt, dip, just to name a few 
> examples. 

I've been doing some libc digging with libc5.2.18 and I think the answer is
LOTS more. Especially as some of the files with buffer overruns are
in resolv+ and other files with a 1983 BSD copyright (like ruserok, and rnetrc)
I've posted a list to linux-gcc. Some like the ones in locale are definitely
working on other systems too.

And I know for sure other vendor libc's are as bad.

Alan

home help back first fref pref prev next nref lref last post