[32762] in bugtraq
Re: ebola 0.1.4 remote exploit
daemon@ATHENA.MIT.EDU (Paul L Daniels)
Tue Dec 9 20:00:00 2003
Date: Wed, 10 Dec 2003 06:54:43 +1000
From: Paul L Daniels <pldaniels@pldaniels.com>
To: bugtraq@securityfocus.com
Message-Id: <20031210065443.28b35b12.pldaniels@pldaniels.com>
In-Reply-To: <001c01c3be77$1e2913a0$78bd5452@c0wboy>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Please note that this has also been fixed in 0.1.5 which has been available now for well over a week (Thanks to KF's
work at Snosoft).
There were many 'exploits' in version 0.1.4 due to the use of sprintf() calls through out the codebase. These have all
been changed over to the safer usage of snprintf(). Certainly there may still be more exploits in the codebase as the
codebase is no longer actively maintained (apart from when I receive bug/exploit reports), hence it would only be
productive to use the latest release for your hunting.
Furthermore, I believe there's a proceedure and protocol for disclosure of bugs/exploits, please, I would appeciate it
if in future that was used.
Regards.
--
Paul L Daniels http://www.pldaniels.com
Linux/Unix systems Internet Development
ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73
A.B.N. 19 500 721 806
