Bugtraq mailing list archives
Re: KSR[T] Advisory #6: deliver
From: chip () ATLANTIC NET (Chip Salzenberg)
Date: Mon, 12 Jan 1998 13:46:07 -0500
KSR's proposed patch to Deliver has a bug: According to KSR[T]:
+ char token[BUFSIZ]; /* Probably paranoid. */
+ while (isascii(*lexptr) && isalpha(*lexptr) && i < BUFSIZ)
token[i++] = *lexptr++;
token[i] = '\0';
Buffer overrun is possible here.
I suggest anyone who uses Deliver just get the current tarball:
http://www.pobox.com/~chip/deliver-2.1.13.tar.gz
--
Chip Salzenberg - a.k.a. - <chip () pobox com>
"I stopped that bus and I saved them kids!" "All except one -- the one
you let drive!" "He showed me his license..." "He was seven!!!" // MST3K
Current thread:
- Addendum to FrontPage password issue hostmaster (Jan 09)
- Re: Addendum to FrontPage password issue Kosmas Skiadopoulos (Jan 11)
- perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- Again: perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- bug in Solaris 2.6 security logging Ruth Milner [VLA] (Jan 12)
- Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- [SIGNED] Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- KSR[T] Advisory #6: deliver KSR[T] (Jan 12)
- Re: KSR[T] Advisory #6: deliver Chip Salzenberg (Jan 12)
- hole in sudo for MP-RAS. osiris () COURIER CB LUCENT COM (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 13)
- Re: hole in sudo for MP-RAS. dsiebert () ICAEN UIOWA EDU (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- CPSN 9:971208: Solaris /var Permission Problems CPIO Advisory Role Account (Jan 12)