Bugtraq mailing list archives
talkd problem
From: deraadt () theos com (Theo de Raadt)
Date: Mon, 20 Jan 1997 19:46:28 -0700
Please excuse me if I say a few more things about talkd. I was busy driving from southern California to home when this happened... (almost hit a fox at 1am in southern idaho... next time I'll aim better ;-) Here's a commit log entry from the OpenBSD talkd sources: revision 1.4 date: 1996/07/17 23:41:10; author: deraadt; state: Exp; lines: +10 -8 buffer overflow from dholland () hcs HARVARD EDU; could do with some cleanup? Note the date. Of course, whenever any commit happens in the OpenBSD source tree, for security or other reasons, it gets mailed to the OpenBSD source-changes mailing list. If I were a cracker sitting on the lists 5 months ago I'd probably have muttered to myself "talkd has a buffer exploit. Hmm. Perhaps this is that new remote hole I've been looking for now that the sendmail hole I was using is fixed. After all, everyone uses straight BSD code". I really like it when we get to fix a security hole 5 months before everyone else. "Everyone else" should do something about that.
Current thread:
- Re: BoS: serious security bug in wu-ftpd v2.4 Dave Kinchlea (Jan 05)
- BoS: serious security bug in wu-ftpd v2.4 -- PATCH Dave Kinchlea (Jan 05)
- Re: BoS: serious security bug in wu-ftpd v2.4 -- PATCH Henrik P Johnson (Jan 12)
- Stronghold v1.3.3: Security Release Sean B. Hamor (Jan 13)
- [linux-security] SECURITY: Important bug fix for /sbin/login Erik Troan (Jan 16)
- Smashing the stack on a DEC Alpha Lamont Granquist (Jan 16)
- Re: Smashing the stack on a DEC Alpha Digital Dreamer (Jan 16)
- Re: Smashing the stack on a DEC Alpha Julian Assange (Jan 16)
- FreeBSD Security Advisory: SA-96:21 - talkd FreeBSD Security Officer (Jan 18)
- Re: FreeBSD Security Advisory: SA-96:21 - talkd Theo de Raadt (Jan 20)
- talkd problem Theo de Raadt (Jan 20)
- Re: talkd problem David Holland (Jan 20)
- Smashing the stack Zygo Blaxell (Jan 20)
- Re: Smashing the stack David Holland (Jan 20)
- Re: Smashing the stack Bill Sommerfeld (Jan 21)
- BoS: serious security bug in wu-ftpd v2.4 -- PATCH Dave Kinchlea (Jan 05)
- [linux-security] write(1) leak David Holland (Jan 19)
- [linux-security] write(1) leak David Holland (Jan 20)