[3931] in bugtraq
Re: FreeBSD Security Advisory: SA-96:21 - talkd
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon Jan 20 20:44:12 1997
Date: Mon, 20 Jan 1997 18:02:39 -0700
Reply-To: Theo de Raadt <deraadt@theos.com>
From: Theo de Raadt <deraadt@theos.com>
X-To: FreeBSD Security Officer <security-officer@freebsd.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Your message of "Sat, 18 Jan 1997 10:38:57 CST."
<199701180919.BAA16314@precipice.shockwave.com>
> Topic: unauthorized access via buffer overrun in talkd
>
> Category: core
> Module: talkd
> Announced: 1997-01-18
> Affects: 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1
> Corrected: 2.2-current as of 1997-01-18
> 2.1-stable as of 1197-01-18
> FreeBSD only: no
>
> Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:21/
> References: AUSCERT AA-97.01 (Australian CERT organization),
> SEI CERT VU#5942 (internal tracking reference only)
>
> =============================================================================
>
> I. Background
>
> Buffer overrun (aka stack overflow) exploits in system
> supplied and locally installed utilities are commonly
> used by individuals wishing to obtain unauthorized access to
> computer systems. The FreeBSD team has been reviewing and
> fixing the source code pool to eliminate potential exploits
> based on this technique.
>
> Recently, the Australian CERT organization received information
> of a buffer-overrun vulnerability in the talkd daemon shipped in
> most modern BSD based systems.
For the record... OpenBSD 2.0 shipped with this bug fixed, too.
