[707] in linux-security and linux-alert archive
[linux-security] Bounds checking problem, apparently with libc >5.0.0 <5.3.9
daemon@ATHENA.MIT.EDU (lilo)
Wed May 8 16:55:37 1996
From: lilo <TaRDiS@mail.utexas.edu>
Date: Wed, 8 May 1996 02:23:11 -0500 (CDT)
To: Linux Security List <linux-security@tarsier.cv.nrao.edu>
This evening I was given an exploit which suggests a serious bounds-checking
problem in libc >5.0.0 <5.3.9 or so.
I'll provide an announcement including an exploit tomorrow if it hasn't
already been provided. The exploit is an alias which can be run under ircII
which appears to segfault current ircII releases. It's very suggestive and
appears to occur in approximately the range of libc releases suggested.
We've done some testing on #LinPeople (irc.linpeople.org), where I'll refer
anyone who needs background in a hurry.
In the meantime, I'm providing the exploit to the list owners so they can
begin looking at the problem. I suggest anyone within the range of libc
releases which seems to be affected begin looking at an upgrade to 5.3.12.
lilo
