Full Disclosure mailing list archives
Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
From: KF <dotslash () snosoft com>
Date: Fri, 09 May 2003 09:50:33 -0500
Shawn McMahon wrote:
> On Thu, May 08, 2003 at 12:15:41PM -0500, KF said:
>> not on hand to thoroughly test the fix. SecNetOps did not have the facilities to compile the new version of catmail in efforts to test the fix on our own. The problem appeared to be caused by a series of strcat()
>
> Huh? They can't come up with a Linux box with enough HD space to store the source code? What, does the company use PCs in their school library to do all their Important Security Consultant Work?

Well I am glad you can come up with a negative spin on a public notice to help those that are using this buggy software.... this hole was found last summer in a *binary* release and it was not disclosed at that time for whatever reason. Since then ListProc (CREN) has gone under and I have lost the binaries and source that I was testing against. As far as the facilities to compile, of course we have a linux box and other unix boxen (in fact we provide public access to them on a regular basis). ListProc needed a certain set of application tools to compile and I was really not interested in jumping through hoops to get the compile done. CREN itself could not compile the program and provide a binary to us and I am not really familiar with their development environment and I opted not to research the issue any further.... so sue me.

> Never mind, I just looked at their website. Maybe they truly DON'T have any Linux or other UNIX boxes.

If you are referring to our page I really do not see how you can determine what boxen we have on our LAN simply by browsing our web page.
Maybe Episode IV http://oa.eiv.com:8080/ can help the community out and compile the source at SourceForge and let us all know how things go. Maybe you can even bring the shawncam online again so we can watch you work! Looking at your web page you are certainly one to talk about using the school library for "Important Security Consultant Work" since half your staff looks like family I suspect EIV is run from your house rather than the library.
-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html