Bugtraq mailing list archives
Re: KSR[T] Advisory #6: deliver
From: chip () ATLANTIC NET (Chip Salzenberg)
Date: Mon, 12 Jan 1998 13:46:07 -0500
KSR's proposed patch to Deliver has a bug: According to KSR[T]:
+ char token[BUFSIZ]; /* Probably paranoid. */ + while (isascii(*lexptr) && isalpha(*lexptr) && i < BUFSIZ) token[i++] = *lexptr++; token[i] = '\0';
Buffer overrun is possible here. I suggest anyone who uses Deliver just get the current tarball: http://www.pobox.com/~chip/deliver-2.1.13.tar.gz -- Chip Salzenberg - a.k.a. - <chip () pobox com> "I stopped that bus and I saved them kids!" "All except one -- the one you let drive!" "He showed me his license..." "He was seven!!!" // MST3K
Current thread:
- Addendum to FrontPage password issue hostmaster (Jan 09)
- Re: Addendum to FrontPage password issue Kosmas Skiadopoulos (Jan 11)
- perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- Again: perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- bug in Solaris 2.6 security logging Ruth Milner [VLA] (Jan 12)
- Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- [SIGNED] Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- KSR[T] Advisory #6: deliver KSR[T] (Jan 12)
- Re: KSR[T] Advisory #6: deliver Chip Salzenberg (Jan 12)
- hole in sudo for MP-RAS. osiris () COURIER CB LUCENT COM (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 13)
- Re: hole in sudo for MP-RAS. dsiebert () ICAEN UIOWA EDU (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- CPSN 9:971208: Solaris /var Permission Problems CPIO Advisory Role Account (Jan 12)