Bugtraq mailing list archives
FreeBSD recent exploits.
From: andy () bigdog fred net (Andy Dills)
Date: Thu, 18 Jul 1996 17:42:32 -0400
Hello, I run a FreeBSD news server. I have been keeping up with the various recent security holes (the suidperl, rdist, etc.). However, since this is a full disclosure list, I must say my curiousity is piqued about the latest two. First, how would one use the hole in the ppp program? I noticed, looking at the patch, the flawed logic in some of the source code. However, since I am trying to learn C myself, I wasn't sure how they would be exploited. Secondly, the rz/sz. Is this a FreeBSD only hole, or a "bad idea" that is part of the zmodem protocol? And I am dying to see more info about it, as in, exactley what part of the protocol allows you to do this? Also, without knowing the history of rz/sz, why on earth did they include such a thing, if it was in fact a deliberate inclusion? Andy Dills
Current thread:
- Re: HP/UX 10.01 Remote Administration accoun Jeff Uphoff (Jul 18)
- Re: HP/UX 10.01 Remote Administration accoun Mark Sedlock (Jul 18)
- FreeBSD recent exploits. Andy Dills (Jul 18)
- tcp Bj|rge Eikenes (Jul 23)
- Re: tcp Brian Mitchell (Jul 23)
- dg/ux vulnerbility Brian Mitchell (Jul 23)
- vulnerability in vi under AIX 3.2 Marina Buitrago Bravo (Jul 23)
- Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 23)
- Re: vulnerability in vi under AIX 3.2 (IN LINUX) Nelson N. Escravana (Jul 24)
- FreeBSD recent exploits. Andy Dills (Jul 18)
- Re: FreeBSD recent exploits. Cy Schubert - ITSD Open Systems Group (Jul 23)
- Re: HP/UX 10.01 Remote Administration accoun Mark Sedlock (Jul 18)