[1455] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: NLSPATH Stack Overwrite

daemon@ATHENA.MIT.EDU (Hackboy--Defender of all things Di)
Wed Feb 19 13:56:10 1997

Date: Wed, 19 Feb 1997 02:05:16 -0600 (CST)
From: Hackboy--Defender of all things Digital <bkreed@squashduck.com>
To: linux-security@redhat.com
In-Reply-To: <Pine.BSI.3.91.970214190746.5864A-100000@escape.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Fri, 14 Feb 1997, Dave G. wrote:

> Here are my preliminary tests:
> 
> 5.2.18 is vulnerable (stock Redhat 3.0.3)
> 5.3.12 does not appear vulnerable (stock Redhat 4.0, I think)
> 

The 5.3.12-8 package is vunerable (ran the prog and got a root prompt) but
the 5.3.12-17 package that's in the upgrades dir for 4.0 is not.  

---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And sanity is really just a one trick pony,       bkreed@acm.org 
anyway. I mean, all you get is one trick,       bkreed@cs.twsu.edu
RATIONAL THINKING!  But when you're good      bkreed@squashduck.com
and crazy, the sky's the limit!"	    http://www.squashduck.com
                - The TICK       		  Bryan K. Reed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


home help back first fref pref prev next nref lref last post