[17709] in bugtraq
Re: [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow
daemon@ATHENA.MIT.EDU (Richard Sharpe)
Mon Nov 20 17:28:50 2000
Message-ID: <3.0.6.32.20001121071404.00ae4550@203.16.214.248>
Date: Tue, 21 Nov 2000 07:14:04 +1000
Reply-To: Richard Sharpe <sharpe@NS.AUS.COM>
From: Richard Sharpe <sharpe@NS.AUS.COM>
X-To: Kris Kennaway <kris@FREEBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001119171703.A4155@citusc17.usc.edu>
At 05:17 PM 11/19/00 -0800, Kris Kennaway wrote:
>On Sat, Nov 18, 2000 at 09:36:32PM +0900, JW Oh wrote:
>> Bug Report
>>
>> 1. Name: Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
>> 2. Release Date: 2000.11.18
>> 3. Affected Application:
>> Ethereal 0.8.13(latest version)
>> http://www.ethereal.com/
>> ethereal-web@ethereal.com
>> 4. Author: mat@hacksware.com
>
>Looks awfully similar to the identical bug we found in tcpdump. Due
>credit, please!
Having looked at both tcpdump-latest's print-rx.c and Ethereal's
packet-afs.c, while the code is structured very differently, the underlying
bug is very much the same, as it is exploiting essentially the same sscanf
to pick up the same field in each case.
So, I would agree that the FreeBSD folks should get priority on this, FWIW.
BTW Kris, I agree that the patch works, as the limit is correctly specified
in the caller of acl_print in tcpdump.
>Kris
Regards
-------
Richard Sharpe, sharpe@ns.aus.com
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
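The thread above describes the shared root cause (an unbounded `%s` in an `sscanf` that copies the principal name of a text-form AFS ACL entry into a fixed-size stack buffer) and the fix (a length limit supplied by the caller). The following is an added illustration written for this page; it is not code from tcpdump's print-rx.c or Ethereal's packet-afs.c. It assumes the ACL entry format "name rights" (one entry per line) and a 128-byte name buffer; the function names, the copy buffer and the sample entries are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ACL_USERLEN 128   /* assumed size of the name buffer in the decoders */

/*
 * The pattern at issue, shown only as a comment because it must not run:
 *
 *     char user[ACL_USERLEN];
 *     sscanf(s, "%s %d\n%n", user, &rights, &n);   // no width: "%s" copies
 *                                                   // until whitespace, so a
 *                                                   // long name overruns user[]
 *
 * parse_acl_entry() is the bounded version: it copies at most pktlen bytes
 * into a NUL-terminated scratch buffer (sscanf needs a C string and packet
 * data carries no terminator), builds the format with an explicit width
 * ("%127s"), and rejects a name that was silently truncated by that width.
 * Returns 1 on success, 0 on malformed or over-long input; *consumed gets
 * the number of input bytes used.
 */
int parse_acl_entry(const char *pkt, size_t pktlen,
                    char *user, size_t userlen, int *rights, size_t *consumed)
{
    char line[512];   /* bounded copy: sscanf never scans past the packet */
    char fmt[32];
    int n = 0;
    size_t copy, namelen;

    if (userlen < 2 || pktlen == 0)
        return 0;

    copy = pktlen < sizeof line - 1 ? pktlen : sizeof line - 1;
    memcpy(line, pkt, copy);
    line[copy] = '\0';

    /* "%127s %d%n": the width is exactly what the unbounded "%s" lacked. */
    snprintf(fmt, sizeof fmt, "%%%zus %%d%%n", userlen - 1);
    if (sscanf(line, fmt, user, rights, &n) != 2)
        return 0;

    /* Width truncation is silent. If the name filled the buffer and the next
       input byte is not whitespace, the real name was longer: reject it. */
    namelen = strlen(user);
    if (namelen == userlen - 1 && line[namelen] != '\0'
        && !isspace((unsigned char)line[namelen]))
        return 0;

    *consumed = (size_t)n;
    return 1;
}

/* Constructed entry (not captured traffic): a normal ACL line.
   Returns the parsed rights value, or -1 on any mismatch. */
int acl_demo_valid(void)
{
    char user[ACL_USERLEN];
    int rights = 0;
    size_t used = 0;
    const char entry[] = "alice 127\n";

    if (!parse_acl_entry(entry, sizeof entry - 1, user, sizeof user, &rights, &used))
        return -1;
    if (strcmp(user, "alice") != 0 || used != 9)
        return -1;
    return rights;
}

/* Constructed entry: a 200-byte name, longer than user[]. With the
   unbounded "%s" this would overrun the buffer; here it is rejected (0). */
int acl_demo_overlong(void)
{
    char user[ACL_USERLEN];
    int rights = 0;
    size_t used = 0;
    char entry[256];

    memset(entry, 'a', 200);
    memcpy(entry + 200, " 7\n", 3);
    return parse_acl_entry(entry, 203, user, sizeof user, &rights, &used);
}

int main(void)
{
    printf("valid entry rights: %d\n", acl_demo_valid());
    printf("over-long name accepted: %d\n", acl_demo_overlong());
    return 0;
}
```

The point Richard makes about the tcpdump patch is the second half of this: a width in the format string is only a complete fix when the caller also bounds the scan to the packet (here, the `pktlen` copy into `line`), otherwise `sscanf` can still read past the end of the captured data.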