Bugtraq mailing list archives
Re: L0pht Advisory: modstat
From: eivind () DIMAGA COM (Eivind Eklund)
Date: Tue, 10 Dec 1996 11:29:16 +0100
L0pht Security Advisory Advisory released Dec 9 1996 Application: modstat Vulnerability Scope: systems with the *BSD distribution of modstat sgid kmem Author: mudge () l0pht com The problem exists in the dostat() routine where an arbitrary sized string is shoved into sbuf.name through a strcpy().
Here is a patch for FreeBSD 2.1.6 (should be extremely similar on other BSD 4.4 derivates) 75,80c75,77 < if (modname != NULL) { < strncpy(sbuf.name, modname, sizeof(sbuf.name)); < sbuf.name[sizeof(sbuf.name)-1] = 0; /* Ensure termination */ < } else { < sbuf.name[0] = 0; < } ---
if (modname != NULL) strcpy(sbuf.name, modname);
This also fix a minor bug with an uninitialized printf() %s parameter if passed a NULL modname. -- Eivind Eklund gopher://nic.follonett.no:79/0eivind Work: eivind () dimaga com http://www.dimaga.com/ Home: perhaps () yes no http://maybes.yes.no/perhaps/ All of the above is a product of either your or my imagination, and not official.
Current thread:
- Re: L0pht Advisory: modstat Eivind Eklund (Dec 10)
- Re: L0pht Advisory: modstat J Wunsch (Dec 11)
- CIAC Bulletin H-13: IBM AIX(r) Security Vulnerabilities David Crawford (Dec 11)
- <Possible follow-ups>
- Re: L0pht Advisory: modstat Jason R. Mastaler (Dec 10)