Bugtraq mailing list archives
Re: [linux-security] Linux NetKit-B update.
From: leendert () cs vu nl (Leendert van Doorn)
Date: Mon, 5 Aug 1996 14:55:00 +0200
A small historical correction: # >> 6. Buffer overflow in ping mentioned yesterday, but it's not on the # >> stack and consequently probably not exploitable. Patch: use snprintf. # > # >Stack vs. heap is irrelevant. The V6 'login' overrun bug was in data # >space, rather than on the stack, and it gave a very nice way to log in # >as root. ... deleted ... # >No, I don't remember the exact character string to enter ... ;-) # # I'm pretty sure it was something like "password<encrypted password string>" # # Casper It was 6th edition su program which exhibited this behavior. 6th edition login is very careful in checking its 8 byte limit for passwords and login names. Leendert P.s. Finally my quest to restore *old* tapes pays off :-)
Current thread:
- Re: [linux-security] Linux NetKit-B update. Aleph One (Aug 04)
- Re: [linux-security] Linux NetKit-B update. Leendert van Doorn (Aug 05)
- Re: login v6 ??? ALEXANDER SCHUETZ (Aug 07)