[3052] in bugtraq
Re: [linux-security] Linux NetKit-B update.
daemon@ATHENA.MIT.EDU (Leendert van Doorn)
Mon Aug 5 13:16:39 1996
Date: Mon, 5 Aug 1996 14:55:00 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Leendert van Doorn <leendert@cs.vu.nl>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Your message of "Sun, 04 Aug 1996 00:12:13 MET DST."
<Pine.LNX.3.91.960804001007.23451I-100000@underground.org>
A small historical correction:
# >> 6. Buffer overflow in ping mentioned yesterday, but it's not on the
# >> stack and consequently probably not exploitable. Patch: use snprintf.
# >
# >Stack vs. heap is irrelevant. The V6 'login' overrun bug was in data
# >space, rather than on the stack, and it gave a very nice way to log in
# >as root.
... deleted ...
# >No, I don't remember the exact character string to enter ... ;-)
#
# I'm pretty sure it was something like "password<encrypted password string>"
#
# Casper
It was the 6th edition su program which exhibited this behavior.
6th edition login is very careful in checking its 8 byte limit for
passwords and login names.
Leendert
P.S. Finally my quest to restore *old* tapes pays off :-)