[15456] in bugtraq
Re: rh 6.2 - gid compromises, etc [+ MORE!!!]
daemon@ATHENA.MIT.EDU (Wietse Venema)
Sat Jun 24 02:07:35 2000
Message-Id: <20000623201426.C308F45633@spike.porcupine.org>
Date: Fri, 23 Jun 2000 16:14:26 -0400
Reply-To: Wietse Venema <wietse@PORCUPINE.ORG>
From: Wietse Venema <wietse@PORCUPINE.ORG>
X-To: satan@FASTDIAL.NET
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000622064042.29536.qmail@securityfocus.com> from Stan
Bubrouski at "Jun 22, 0 06:40:42 am"
Stan Bubrouski:
> tcp_wrappers has a buffer overflow when argv[0] is big
> and may have another potential overflow (would be more
> serious) in code dealing with hosts and users. More info
> plus crappy patches can be found at:
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11881

The tcpd process name is specified by the super-user in the
inetd.conf file, which is owned by the super-user.

If an attacker can replace the tcpd process name in the inetd.conf
file, then your system has suffered a total breach of security.

The other claims are even more bogus (the poster overlooks that
null-terminated strings are shorter than their containing buffer).

Waste no time on this.

Wietse
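
The reply rests on one precondition: only the super-user can change the argv[0] that inetd hands to tcpd. The script below is an added example, not part of the original message or of tcp_wrappers, that checks that precondition and lists the argv[0] of each tcpd-wrapped service. It assumes the usual seven-field inetd.conf layout; the function names and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the trust assumption behind tcpd's argv[0].
# Assumed inetd.conf layout:
#   service socktype proto wait user server argv0 [args...]

# Print "service argv0 length" for every active entry whose server
# program is tcpd. Field 7 is the argv[0] that inetd passes to tcpd.
tcpd_entries() {
    awk '$1 !~ /^#/ && NF >= 7 && $6 ~ /(^|\/)tcpd$/ {
        print $1, $7, length($7)
    }' "$1"
}

# Succeed only if FILE is owned by OWNER (default: uid 0) and is not
# writable by group or other.
conf_is_protected() {
    file=$1
    owner=${2:-0}
    [ -n "$(find "$file" -prune -user "$owner" ! -perm -020 ! -perm -002)" ]
}

# Report on the file, then list the tcpd-wrapped services.
audit_inetd_conf() {
    file=$1
    owner=${2:-0}
    if conf_is_protected "$file" "$owner"; then
        echo "OK: $file is writable only by $owner"
    else
        echo "FAIL: $file can be modified by someone other than $owner"
        return 1
    fi
    tcpd_entries "$file"
}

# Demo on a constructed sample. The owner is set to the current uid so
# the demo also passes when run unprivileged; on a real system, run
# audit_inetd_conf /etc/inetd.conf with the default owner (uid 0).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample entries
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
daytime stream tcp nowait root internal
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
EOF
chmod 644 "$sample"
audit_inetd_conf "$sample" "$(id -u)"
rm -f "$sample"
```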