[3782] in bugtraq
Re: CIAC Bulletin H-13: IBM AIX(r) Security Vulnerabilities
daemon@ATHENA.MIT.EDU (zen@trouble.org)
Wed Dec 11 20:02:11 1996
Date: Wed, 11 Dec 1996 16:29:03 -0800
Reply-To: d <zen@trouble.org>
From: d <zen@trouble.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: David Crawford <crawford@eek.llnl.gov> "CIAC Bulletin H-13: IBM
AIX(r) Security Vulnerabilities (gethostbyname,lquerypv)" (Dec
11, 17:19)
> The U.S. Department of Energy
> Computer Incident Advisory Capability
[...]
> IBM AIX(r) Security Vulnerabilities (gethostbyname,lquerypv)
> PROBLEM: Two problems have been identified in IBM AIX: (1) Possible
> buffer overrun condition in "gethostbyname()" library function,
Can anyone tell me what a "possible buffer overrun condition" is? Are they
saying that they don't know, or they just read it somewhere (couldn't
imagine where) and want to cover their ass?
Sorry, no new bug info. A security tidbit - a new satan release is tentatively
scheduled for (late) jan; more info will be posted as wietse and I get our
stuff together. Send us your remote bug checks to be included ;-)
-- d
