Full Disclosure mailing list archives

Sharutils buggy?

From: full-disclosure () lists netsys com (Peter Bieringer)
Date: Tue, 16 Jul 2002 09:12:53 +0200


--On Tuesday, July 16, 2002 01:24:30 AM +0200 martin f krafft
<madduck () madduck net> wrote:

I'd like to get some educated thoughts and opinions on a recently
found potential bug:

  http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037
  http://online.securityfocus.com/bid/4742
  http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-049
  http://www.aerasec.de/security/index.html?lang=en&id=ae-200204-033
  http://bugs.debian.org/149454
  http://www.kb.cert.org/vuls/id/336083


One additial memo:

The original advisory and afaik the fixed version from RHL still not
metioned that devices also are candidates for overwriting.

Think about

begin 666 /dev/hda
...


        Peter

Current thread:

Sharutils buggy? martin f krafft (Jul 15)
- Sharutils buggy? Roland Postle (Jul 15)
  - Sharutils buggy? Charles 'core' Stevenson (Jul 15)
- Sharutils buggy? Charles 'core' Stevenson (Jul 15)
  - Sharutils buggy? Charles 'core' Stevenson (Jul 15)
    - Sharutils buggy? Charles 'core' Stevenson (Jul 15)
    - Sharutils buggy? KF (Jul 15)
    - Sharutils buggy? KF (Jul 15)
- Sharutils buggy? Peter Bieringer (Jul 16)
  - Sharutils buggy? Charles 'core' Stevenson (Jul 16)