The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

networking security holes ?

To: Debian private list <debian-private@lists.debian.org>
Subject: networking security holes ?
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Date: Thu, 1 Aug 96 01:16 BST
Old-return-path: <ian@chiark.chu.cam.ac.uk>
Resent-cc: recipient list not shown: ;
Resent-date: 1 Aug 1996 00:16:47 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"8wcPz3.0.H4.lT__n"@vega>
Resent-sender: debian-private-request@lists.debian.org

See the message below, which was sent to linux-alert.  Have we got all
these fixes yet ?

Ian.

------- start of forwarded message (RFC 934 encapsulation) -------
Return-Path: <owner-linux-alert@tarsier.cv.nrao.edu>
Message-Id: <199607240541.BAA18220@hcs.HARVARD.EDU>
From: David Holland <dholland@hcs.harvard.edu>
To: linux-alert@tarsier.cv.nrao.edu, bugtraq@crimelab.com
Subject: [linux-alert] Linux NetKit-B update.
Date: Wed, 24 Jul 1996 01:41:12 -0400 (EDT)

Linux NetKit-B-0.07 has been released (check comp.os.linux.announce
for details).

This fixes the following security problems/hazards:

1. Possible overrun copying DNS results into a buffer on the stack in
fingerd while processing the linux-specific -w ("welcome banner")
option. Patch: convert sprintf to snprintf.

2. Possible overrun copying DNS results into a buffer on the stack in
talkd. This affected FreeBSD, NetBSD, and OpenBSD as well; all have
integrated a fix into the current development tree. It may affect
vendors... Patch: convert sprintf to snprintf in announce.c.

3. Possible overrun copying $TERM into a buffer on the stack in
rlogin. This affects lots of platforms, but has been mentioned here
before I think. Patch: use snprintf or strncpy.

4. Suspicious (but not necessarily exploitable) handling of buffers on
the stack in rshd. Patch: convert sprintf to snprintf.

5. rsh didn't drop root before execing rlogin. This is not a big deal
except in conjunction with (3) -- chmod -s on rlogin is *not*
sufficient. 

6. Buffer overflow in ping mentioned yesterday, but it's not on the
stack and consequently probably not exploitable. Patch: use snprintf.

7. Integrated a fix for the telnetd environment bug (old news, but it
hadn't got into the standard linux sources yet.)

Also, there was a bug in sliplogin where it did "setuid(0); system()"
without clearing the environment. A fixed version has been available
for Linux and FreeBSD for some time, but the news had not reached
NetBSD until last week. Vendor versions could be vulnerable.

- -- 
   - David A. Holland          | Number of words in the English language that
     dholland@hcs.harvard.edu  | exist because of typos or misreadings: 381
------- end -------

Prev by Date: Re: GNU people including Debian stuff in their Makefiles
Next by Date: lrzsz ? Re: forwarded message from CERT Bulletin
Previous by thread: Re: Bug#3977: linux-security] LSF Update#11: Vulnerability of rlogin (fwd)
Next by thread: lrzsz ? Re: forwarded message from CERT Bulletin
Index(es):
- Date
- Thread