Bugtraq mailing list archives
Re: Buffer overflow in bing
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Mon, 22 Jan 2001 17:33:40 -0800
On Fri, Jan 19, 2001 at 08:30:01PM +0100, Pierre Beyssac wrote:
On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:The buffer overflowed is a 80 byte static local buffer: static char buf[80];It is patched by default in FreeBSD's package collection. Here's the patch below (author: jseger () freebsd org).
Actually, the patch was mine :-) ---------------------------- revision 1.1 date: 2000/03/05 05:30:54; author: kris; state: Exp; This is a setuid root binary. sprintf()s of DNS hostnames into undersized buffers are bad. Fix this. It should also drop privileges for extra safety, but doesn't. ============================================================================= Kris -- NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris () FreeBSD org
Attachment:
_bin
Description:
Current thread:
- Buffer overflow in bing Paul Starzetz (Jan 22)
- Re: Buffer overflow in bing Pierre Beyssac (Jan 22)
- Re: Buffer overflow in bing Kris Kennaway (Jan 23)
- Re: Buffer overflow in bing Pierre Beyssac (Jan 22)