Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

talkd problem

From: deraadt () theos com (Theo de Raadt)
Date: Mon, 20 Jan 1997 19:46:28 -0700

Please excuse me if I say a few more things about talkd.  I was busy
driving from southern California to home when this happened... (almost
hit a fox at 1am in southern idaho... next time I'll aim better ;-)

Here's a commit log entry from the OpenBSD talkd sources:

revision 1.4
date: 1996/07/17 23:41:10;  author: deraadt;  state: Exp;  lines: +10 -8
buffer overflow from dholland () hcs HARVARD EDU; could do with some cleanup?

Note the date.

Of course, whenever any commit happens in the OpenBSD source tree, for
security or other reasons, it gets mailed to the OpenBSD
source-changes mailing list.  If I were a cracker sitting on the lists
5 months ago I'd probably have muttered to myself "talkd has a buffer
exploit.  Hmm.  Perhaps this is that new remote hole I've been looking
for now that the sendmail hole I was using is fixed. After all,
everyone uses straight BSD code".

I really like it when we get to fix a security hole 5 months before
everyone else.  "Everyone else" should do something about that.
Previous By Date Next
Previous By Thread Next

Current thread: