[14685] in bugtraq
Re: mtr-0.41 root exploit
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Wed Apr 26 09:52:15 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <200004252141.XAA28968@cave.bitwizard.nl>
Date: Tue, 25 Apr 2000 23:41:15 +0200
Reply-To: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
From: Rogier Wolff <R.E.Wolff@BITWIZARD.NL>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
[Elias, please approve either this one or the previous message that I
sent, but not both. Of course, preferably this one, and not the
other. Thanks. ]
Hi Everyone,
FYI, mtr-0.42 was released on march 4th, which fixes the mtr-oversight
that allows this exploit to work. The actual bug (overflow) is in
the Freebsd libncurses implementation.
Back then we were confident that an exploit COULD be written, but
decided not to wait until one would be written. Point proven.
I would've appreciated the lesser "scare" when an accompanying note
would've said that the bug was already fixed.
Roger.
--
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* Common sense is the collection of *
****** prejudices acquired by age eighteen. -- Albert Einstein ********
