[18746] in bugtraq
Re: Buffer overflow in bing
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Tue Jan 23 13:52:37 2001
Message-Id: <20010122173340.A2782@citusc17.usc.edu>
Date: Mon, 22 Jan 2001 17:33:40 -0800
Reply-To: Kris Kennaway <kris@FREEBSD.ORG>
From: Kris Kennaway <kris@FREEBSD.ORG>
X-To: Pierre Beyssac <pb@FASTERIX.FREENIX.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010119203001.A8935@fasterix.frmug.org>; from
pb@FASTERIX.FREENIX.ORG on Fri, Jan 19, 2001 at 08:30:01PM +0100
On Fri, Jan 19, 2001 at 08:30:01PM +0100, Pierre Beyssac wrote:
> On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
> > The buffer overflowed is a 80 byte static local buffer:
> > static char buf[80];
>
> It is patched by default in FreeBSD's package collection. Here's
> the patch below (author: jseger@freebsd.org).
Actually, the patch was mine :-)
----------------------------
revision 1.1
date: 2000/03/05 05:30:54; author: kris; state: Exp;
This is a setuid root binary. sprintf()s of DNS hostnames into undersized
buffers are bad. Fix this. It should also drop privileges for extra
safety, but doesn't.
=============================================================================
Kris
-- 
NOTE: To fetch an updated copy of my GPG key which has not expired,
finger kris@FreeBSD.org
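The class of fix the commit message describes, as an added example that is not the FreeBSD patch or bing's own code: a bounded replacement for sprintf() of a resolver-supplied hostname into the 80-byte buffer quoted in the thread. The helper name, the "%s (%s)" format and the sample hostnames are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LABEL_BUF 80   /* same size as the static buffer quoted in the thread */

/* Unsafe pattern the commit message describes (kept as a comment only):
 *     static char buf[80];
 *     sprintf(buf, "%s (%s)", hostname, addr);
 * A name returned by the resolver can be up to 255 bytes long, so the
 * unbounded sprintf() can write past the end of buf.
 */

/* Hypothetical helper: format "hostname (addr)" into dst without ever
 * writing more than dstlen bytes. Returns 0 on success, -1 if the result
 * did not fit (dst then holds a NUL-terminated, truncated string). */
int format_host_label(char *dst, size_t dstlen,
                      const char *hostname, const char *addr)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%s (%s)", hostname, addr);
    if (n < 0) {               /* output error: leave an empty string */
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)n >= dstlen)   /* snprintf reports the length it needed */
        return -1;
    return 0;
}

int main(void)
{
    char buf[LABEL_BUF];
    char longname[256];        /* constructed sample: 255-byte "hostname" */

    memset(longname, 'a', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';

    if (format_host_label(buf, sizeof(buf), "host.example.org", "192.0.2.1") == 0)
        printf("ok: %s\n", buf);
    if (format_host_label(buf, sizeof(buf), longname, "192.0.2.1") != 0)
        printf("rejected: result needs more than %zu bytes\n", sizeof(buf));
    return 0;
}
```

Checking the return value matters as much as the bound: a silently truncated hostname in a setuid root program's output is still a wrong answer, just not a memory-corrupting one.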