[15529] in Athena Bugs


buffer overflows in traceroute

daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Wed Sep 24 03:44:00 1997

From: <mhpower@MIT.EDU>
To: bugs@MIT.EDU
Date: Wed, 24 Sep 1997 03:43:56 EDT

There appear to be a number of potential buffer overflows in the
version of traceroute built from /mit/source/athena/etc/traceroute.c,
in sections of the code such as:

			memcpy(&to->sin_addr, hp->h_addr, hp->h_length);

		(void) strcpy(hnamebuf, av[0]);

		(void) strcpy(line, cp);

Rather than suggesting specific fixes to this source code, I thought
I'd point out that the buffer-overflow problems that I've noticed
appear to be fixed in the latest version of traceroute available at
ftp://ftp.ee.lbl.gov/traceroute-1.4a5.tar.Z. In other words, I believe
it's a bug that an old version of traceroute with these problems is
installed setuid root.

Matt
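
An added example, not part of the original message and not taken from either version of traceroute: bounded forms of the three copies quoted in the report, which reject input that does not fit instead of writing past the destination. The function names and the `HNAMEBUF_LEN` size are assumptions, since the report does not show how the buffers are declared.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>

#define HNAMEBUF_LEN 64  /* assumed size; the report does not show the declaration */

/* Replacement for strcpy(dst, src): succeeds only if src and its NUL fit
 * in dstsz bytes. On failure dst is an empty string, not a truncation. */
int copy_str_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    for (n = 0; n < dstsz && src[n] != '\0'; n++)
        ;                       /* measure src without reading past dstsz */
    if (n == dstsz)
        return -1;              /* too long for the destination */
    memcpy(dst, src, n + 1);    /* n + 1 <= dstsz, includes the NUL */
    return 0;
}

/* Replacement for memcpy(&to->sin_addr, hp->h_addr, hp->h_length): the
 * length comes from the resolver reply, so accept it only when it equals
 * the size of the destination field. */
int copy_addr_checked(struct sockaddr_in *to, const void *addr, int length)
{
    if (to == NULL || addr == NULL)
        return -1;
    if (length < 0 || (size_t)length != sizeof(to->sin_addr))
        return -1;
    memcpy(&to->sin_addr, addr, sizeof(to->sin_addr));
    return 0;
}

int main(int argc, char **argv)
{
    char hnamebuf[HNAMEBUF_LEN];

    if (argc < 2 || copy_str_checked(hnamebuf, sizeof hnamebuf, argv[1]) != 0) {
        fprintf(stderr, "host name missing or too long\n");
        return 1;
    }
    printf("accepted host name: %s\n", hnamebuf);
    return 0;
}
```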
