[966] in linux-security and linux-alert archive
Re: [linux-security] Linux NetKit-B update.
daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Fri Jul 26 05:13:03 1996
Date: Thu, 25 Jul 1996 22:56:29 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: bugtraq@crimelab.com, dholland@hcs.HARVARD.EDU, linux-security@tarsier.cv.nrao.edu
> 6. Buffer overflow in ping mentioned yesterday, but it's not on the
> stack and consequently probably not exploitable. Patch: use snprintf.
Stack vs. heap is irrelevant. The V6 'login' overrun bug was in data
space, rather than on the stack, and it gave a very nice way to log in
as root.
No, I don't remember the exact character string to enter ... ;-)
Joe Yao jsdy@cais.com - Joseph S. D. Yao
[REW: If a program is setuid, don't make assumptions about "probably
not exploitable". Maybe you're right. But then again, maybe not. Would
you be willing to bet $1000,- on your statement that it's not
exploitable? For that "prize money" you might interest someone into
actually proving you're wrong. There are others that have hundreds of
users on their machines, who could easily lose much more than $1000 if
a bad break-in occurred through such a hole....]
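An added illustration of the point Joe makes above (not code from the list, from NetKit or from the V6 login bug): an object in the data segment, not on the stack, consisting of a 16-byte name buffer followed by a privilege flag. The struct/union layout and the constructed input are assumptions; the unchecked copy stands in for the original sprintf() and the bounded one for the snprintf() fix mentioned in the quoted item.

```c
#include <stdio.h>
#include <string.h>

/* Two adjacent data-segment objects, fixed in layout by a struct:
 * a name buffer followed by a privilege flag. The union view exists
 * only so the demo can write across the member boundary in
 * well-defined C; an unchecked copy into `name` lands on the same
 * bytes in practice. */
union record {
    struct {
        char name[16];
        int  is_admin;      /* 0 = ordinary user */
    } f;
    unsigned char raw[16 + sizeof(int)];
};

static union record rec;    /* static storage: .data/.bss, never the stack */

/* Constructed input: fills the 16-byte name exactly, then one extra
 * byte that lands on the first byte of is_admin. */
static const char demo_input[] = "AAAAAAAA" "AAAAAAAA" "\x01";

/* Unbounded copy, as the original sprintf()-style code did.
 * Returns the flag's value after the copy. */
int copy_unchecked(const char *src)
{
    if (strlen(src) >= sizeof rec.raw)
        return -1;          /* keeps the demo itself inside `rec`; the buggy program had no such check */
    memset(&rec, 0, sizeof rec);
    strcpy((char *)rec.raw, src);   /* no length limit: bytes 16.. overwrite is_admin */
    return rec.f.is_admin;
}

/* Bounded copy, the snprintf() fix: at most 15 chars plus NUL go into name. */
int copy_bounded(const char *src)
{
    memset(&rec, 0, sizeof rec);
    snprintf(rec.f.name, sizeof rec.f.name, "%s", src);
    return rec.f.is_admin;
}

int main(void)
{
    printf("unchecked copy: is_admin = %d\n", copy_unchecked(demo_input)); /* non-zero */
    printf("bounded copy:   is_admin = %d\n", copy_bounded(demo_input));   /* 0 */
    return 0;
}
```

Whether the overwritten bytes form a heap pointer, a flag, or a saved return address is a detail of the target; the clobbering itself works the same in any segment.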