[17050] in bugtraq
Re: OpenBSD Security Advisory
daemon@ATHENA.MIT.EDU (Tim Yardley)
Wed Oct 4 16:07:12 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID: <5.0.0.25.2.20001004124418.02f05d10@students.uiuc.edu>
Date: Wed, 4 Oct 2000 12:48:31 -0500
Reply-To: Tim Yardley <yardley@UIUC.EDU>
From: Tim Yardley <yardley@UIUC.EDU>
X-To: K2 <ktwo@KTWO.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <39DADCB7.4E416D8B@ktwo.ca>
I would like to add to this in stating that it seems to almost always be
OpenBSD's practice to silently fix bugs. I also agree that it is not in
the best interest of everyone else out there.
To expound upon the fstat issue, on 2.6 (using the canned exploit) you get
egid=2 (kmem). 2.8 does not give you a shell, but instead results in a
"File name too long" message.
/tmy
At 02:31 AM 10/4/2000, K2 wrote:
> Here is another exploit for an application (fstat) that OpenBSD's
>format string audit has seemingly forgotten about. What I would like to
<snip>
>Where are these advisories from the OpenBSD TEAM? Is their pride too
>great to accept these bugs, code fix, announce patch and move on?
>
>I do not believe that silently fixing vulnerabilities is in the best
>interest of anybody.
>
>------------------
>K2 (ktwo@ktwo.ca)
>http://www.ktwo.ca
>
>PS. Thx caddis for some tips ;)
>/*
> * theoBSD fstat - private caddis & K2 release
> * TagTeam exploit coding @$_*#%*&(#%(**(@$*($@
> *
> * greets: #!adm, #!teso, #!w00w00
> *
> */
<snip>
/tmy
-- Diving into infinity my consciousness expands in inverse
proportion to my distance from singularity
+-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+
| Tim Yardley (yardley@uiuc.edu)
| http://www.students.uiuc.edu/~yardley/
+-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+