[10994] in bugtraq
Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0
daemon@ATHENA.MIT.EDU (David Wagner)
Mon Jul 12 16:17:26 1999
Message-Id: <7mbhss$sde$1@blowfish.isaac.cs.berkeley.edu>
Date: Sun, 11 Jul 1999 18:54:36 -0700
Reply-To: David Wagner <daw@CS.BERKELEY.EDU>
From: David Wagner <daw@CS.BERKELEY.EDU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

In article <m3iu8coudx.fsf@soma.andreas.org>,
Andreas Bogk <andreas@ANDREAS.ORG> wrote:
> Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL> writes:
>
> > 7. Problem description:
> >
> > Several potential buffer overruns have been corrected within the net-tools
> > package.
>
> Could someone from RedHat please identify the programs in
> question, their version numbers, the history of the code or something
> else which allows me to find out whether I'm affected or not?
>
I'm not from RedHat. But maybe I can try to help a little, since I think I
was the one who reported these vulnerabilities.

I think the problem is present in nettools-1.52 and prior versions. There
were a number of buffer overruns. To see an example of one, try grepping for
strcpy in lib/inet.c; if you see something like ``strcpy(name, hp->h_name);''
you might have the vulnerable version; if you see lots of safe_strncpy()'s,
you probably have the safe version. (I think.)

Maybe this is enough to get you started.

But please take this with a grain of salt. I am an outsider. For official
answers, you'd do better to ask RedHat or the code maintainers.

Credits: These buffer overruns were found with the help of an automated code
auditing tool which was developed in collaboration with Jeff Foster, Eric
Brewer, and Alex Aiken (also at Berkeley).
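
The strcpy pattern named in the post beside a bounded copy, as an added example that is not part of the original message and is not net-tools code. NAME_LEN, bounded_copy and copy_hostname are hypothetical names, and the buffer size is constructed because the post does not give one.

```c
#include <stddef.h>
#include <string.h>

#define NAME_LEN 16 /* constructed size; the post does not give the real one */

/* The pattern the post says to grep for. The source length is set by
 * whoever answers the name lookup, so nothing bounds the write into dst.
 * Kept for comparison only; it is never called below. */
void copy_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hypothetical bounded copy (not net-tools' safe_strncpy): writes at most
 * size bytes including the terminator, always terminates, and returns 1
 * when src was truncated so the caller can reject or log the name. */
int bounded_copy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return 1;
    for (i = 0; i + 1 < size && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] != '\0';
}

/* Copies a name into a fixed buffer that sits next to a guard value.
 * out must hold NAME_LEN bytes. Returns 0 if the name fit, 1 if it was
 * truncated, -1 if the guard next to the buffer was overwritten. */
int copy_hostname(const char *resolved, char *out)
{
    struct { char name[NAME_LEN]; unsigned guard; } rec;
    int truncated;

    rec.guard = 0xA5A5A5A5u;
    truncated = bounded_copy(rec.name, resolved, sizeof rec.name);
    if (rec.guard != 0xA5A5A5A5u)
        return -1;
    memcpy(out, rec.name, strlen(rec.name) + 1);
    return truncated;
}
```

A caller that treats a return value of 1 as an error avoids silently acting on a shortened hostname.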