[1452] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: NLSPATH Stack Overwrite

daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Feb 19 04:32:29 1997

From: Alan Cox <alan@cymru.net>
To: linux-security@redhat.com
Date: Wed, 19 Feb 1997 09:05:37 +0000 (GMT)
In-Reply-To: <Pine.BSI.3.91.970214190746.5864A-100000@escape.com> from "Dave G." at Feb 14, 97 07:14:05 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

> 5.2.18 is vulnerable (stock Redhat 3.0.3)
> 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think)

Stock Red Hat 4.0 is vulnerable to NLSPATH overruns, one with the current
libc-5.3.12 rpms from about 2 months ago isnt. Thats one of the many things
it fixed. There were also the DNS buffer overruns in rcmd, and some other
BSD shared ones that openbsd I think also swatted about the same time,
if not a bit earlier.

Alan


home help back first fref pref prev next nref lref last post