Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Fw: bug in uml_net

From: "GaLiaRePt" <galiarept () phreaker net>
Date: Fri, 23 May 2003 23:10:21 +0200
There is a vulnerability in uml_net. The latest version is vulnerable too.
The problem is the lack of bounds checking in uml_net.c from uml_utilities,
A possible attack could lead to root compromise on some systems since for
example uml_net comes suided root in RH 8.0 by default.

Suggested patch:

- if(v > CURRENT_VERSION){
+ if ((v > CURRENT_VERSION) || (v < 0)) {

Contact: ktha () hushmail com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: