Bugtraq mailing list archives

Re: another hanterm exploit

From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Sat, 9 Feb 2002 00:59:40 -0500 (EST)

On Thu, 7 Feb 2002, Stuart Moore wrote:

There was a FreeBSD fix announced back in July 2002
(FreeBSD-SA-01:41), but I haven't seen any other vendor fixes.


openbsd isn't subject to root (or privilidged) compromise by this if you
install hanterm from ports. a patch in the makefile in ports installs this
NOT suid, but 0711.

the code needs a serious review, its in pretty bad shape.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

another hanterm exploit Stuart Moore (Feb 08)
- Re: another hanterm exploit Jose Nazario (Feb 08)